The NCCIC has released an advisory on vulnerabilities in Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200. All versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote unauthorized attacker access to the file transfer service on the device, which could result in arbitrary code execution or malicious firmware installation. Schneider Electric recommends that users follow the instructions outlined in the Modicon Controllers Platform - Cyber Security, Reference Manual to install Modicon PLCs securely. Schneider Electric also recommends that affected users disable FTP services on the device during times when maintenance or configuration activities are not needed. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. ICS-CERT.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!