Although disclosed earlier this month at DEFCON, vulnerabilities in the Schneider Electric Modicon M340 PLC Station P34 Module continue to exist:
The Industrial Control System Cyber Emergency Response Team (ICS-CERT) released an alert late last week, and patches are currently being validated, according to ICS-CERT and researcher Aditya K. Sood, who gave the DEF CON presentation. Sood said the alert came as a result of his talk in Las Vegas, where he described the flaws in Schneider Electric’s Modicon M340 PLC Station P34 Module human-machine interface (HMI) software. HMIs provide infrastructure operators with a visualization of the automation environment and allow admins to manage controls from a single screen or screens.
The vulnerabilities affect the modules that support the Factory Cast Modbus feature.
“[The alert] is based on my DEFCON talk but there are high chances that attackers could have been exploiting these vulnerabilities for some time now,” Sood said.
Sood disclosed vulnerabilities and provided Schneider with proof-of-concept code for two remotely exploitable vulnerabilities, and a related locally exploitable flaw. One of the flaws is a hard-coded credential found in the software that ICS-CERT told Sood had already been reported to them. Sood said it is unknown whether the hard-coded password has been removed since there was discussion of deploying a patch that would disable the affected FTP login.