A device used to automate operations at various industrial control facilities including power stations and water treatment plants contains multiple vulnerabilities that could allow a hacker to remotely compromise it and run malicious code.
On Dec. 12, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT, part of the Department of Homeland Security) issued a warning detailing the flaws affecting the Modicon Quantum PLC, a programmable-logic controller that facilitates communication between supervisory control and data acquisition (SCADA) networks and the industrial machines they control.
ICS-CERT credited the findings of Reverse Mode security researcher Ruben Santamarta who, in a blog post, explained that the Modicon PLCs ship with default passwords hard-coded into the Ethernet modules that SCADA systems use to command them. Because those credentials cannot be changed by the operator, anyone who learns them has them for every deployed unit. Vulnerabilities in the PLCs could also enable an attacker to load Trojanized firmware onto the devices, Santamarta said.
Flaws in the Modicon PLC modules also expose the devices to attack through their Telnet service and the Wind River debug port. By exploiting these weaknesses, an attacker could modify the module's memory, cause a denial of service, inspect the operation of the module's firmware and run malicious code on the PLC.
Schneider Electric, based in France, manufactures the PLC module in question. The company did not return an email asking for comment.
Santamarta said there is "no patch available at this moment" to address the flaws he discovered, and "there is no solution other than redesigning these devices, which obviously is not feasible in the short/middle term, so mitigations are needed and expected."
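With no patch available, the practical mitigation is to keep anyone other than the engineering workstations away from the module's Telnet service and debug port, and to alert when something else reaches them. The following is an added example of that check, not code from ICS-CERT, Santamarta or Schneider Electric. It assumes a simple constructed flow-record format ("proto src dst dport"), a constructed inventory of PLC module addresses and allowed engineering hosts, and the standard ports: 23/tcp for Telnet and 17185/udp, the default port of the Wind River VxWorks WDB debug agent.

```python
"""Flag flows that reach a PLC module's Telnet service or Wind River debug
agent from hosts that are not the designated engineering workstations.

Added example, not part of the advisory or the original research.
Assumptions: flow records are "proto src dst dport" lines (constructed
format); PLC_MODULES and ENGINEERING_HOSTS are a constructed inventory.
"""
from dataclasses import dataclass

TELNET_PORT = 23      # Telnet service on the Ethernet module
WDB_PORT = 17185      # default Wind River (VxWorks) WDB debug agent port, UDP

# Constructed inventory: addresses of the PLC Ethernet modules and the only
# hosts that should legitimately reach their management/debug services.
PLC_MODULES = {"10.1.1.10", "10.1.1.11"}
ENGINEERING_HOSTS = {"10.1.0.5"}


@dataclass
class Flow:
    proto: str
    src: str
    dst: str
    dport: int


def parse_flow(line):
    """Parse one 'proto src dst dport' record into a Flow."""
    proto, src, dst, dport = line.split()
    return Flow(proto.lower(), src, dst, int(dport))


def classify(flow):
    """Return a finding string, or None if the flow is not of interest.

    Only traffic to a known PLC module on the Telnet or WDB port is
    examined; everything else (including normal process traffic to the
    PLC on other ports) is ignored.
    """
    if flow.dst not in PLC_MODULES:
        return None
    if flow.proto == "tcp" and flow.dport == TELNET_PORT:
        service = "telnet"
    elif flow.proto == "udp" and flow.dport == WDB_PORT:
        service = "wdb-debug"
    else:
        return None
    if flow.src in ENGINEERING_HOSTS:
        return f"allowed {service} from {flow.src} to {flow.dst}"
    return f"ALERT {service} from unexpected host {flow.src} to {flow.dst}"


def scan(lines):
    """Classify every non-comment record and return the findings in order."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        finding = classify(parse_flow(line))
        if finding:
            findings.append(finding)
    return findings


# Constructed sample records: one legitimate engineering session, two
# reaches from an unexpected host, one flow to a non-management port on the
# PLC, and one WDB flow to a host that is not a PLC module at all.
SAMPLE_FLOWS = """
# proto src dst dport
tcp 10.1.0.5 10.1.1.10 23
tcp 10.1.0.77 10.1.1.10 23
udp 10.1.0.77 10.1.1.11 17185
tcp 10.1.0.77 10.1.1.11 502
udp 10.1.0.5 10.9.9.9 17185
""".splitlines()


def alerts(lines=SAMPLE_FLOWS):
    """Return only the findings that warrant an alert."""
    return [f for f in scan(lines) if f.startswith("ALERT")]


if __name__ == "__main__":
    for finding in scan(SAMPLE_FLOWS):
        print(finding)
```

On the sample records the check produces one "allowed" finding for the engineering workstation and two alerts for the unexpected host, one on Telnet and one on the debug port. In a real deployment the records would come from the firewall or flow collector in front of the control network, and the allow-list would be the operator's own inventory; the same rule can be expressed as a firewall policy that drops those ports from every other source.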
The news comes just weeks after a hacker using the name "pr0f" claimed to have breached a Texas water plant's network to highlight inherent weaknesses in its SCADA system.