Schneider Electric Unity Pro Targeting Data

Major Vulnerability Found in Schneider Electric Utility Pro by Tom Spring should have Open Source Intelligence (OSINT) gurus in high gear.

From the post:

Schneider Electric is grappling with a critical vulnerability found in its flagship industrial controller management software called Unity Pro that allows hackers to remotely execute code on industrial networks.

The warning comes from Indegy, an industrial cybersecurity firm. Indegy discovered the vulnerability and issued a report on the flaw Tuesday. Mille Gandelsman, CTO of Indegy, called the vulnerability a “major concern” and urged anyone running Unity Pro software to update to the latest version. Unity Pro, which runs on Window-based PCs, is used for managing and programing millions of industrial controllers around the world.

“If the IP address of the Windows PC running the Unity Pro software is accessible to the internet, then anyone can exploit the software and run code on hardware,” Gandelsman told Threatpost. “This is the crown jewel of access. An attacker can do anything they want with the controllers themselves.

The flaw resides in a component of Unity Pro software named Unity Pro PLC Simulator, used to test industrial controllers, according to Indegy.

“This is what an attacker would want to have access to in order to impact the actual production process within an ICS physical environment. That includes the valves, turbines, centrifuges and smart meters. These are accessible from the engineering stations natively,” Gandelsman said. “With this type of access, an attacker can use it to change the recipe to drugs being manufactured by industrial control systems or turn off the power grid of a city.”
… (emphasis added)

How is Open Source Intelligence (OSINT) relevant?

Schneider Electric products are found in:

Afghanistan Guatemala Puerto Rico
Albania Guinea Qatar
Algeria Guinea-Bissau Reunion Island
Angola Guyana Romania
Antigua and Barbuda Haïti Russia
Argentina Honduras Rwanda
Armenia Hong Kong Saint Barthelemy
Australia Hungary Saint Lucia
Austria Iceland Saint Martin
Azerbaijan India Saint Pierre and Miquelon
Bahamas Indonesia Saint Vincent and the Grenadines
Bahrain Iran Samoa
Bangladesh Iraq Sao Tome and Principe
Barbados Ireland Saudi Arabia
Belarus Israel Senegal
Belgium Italy Serbia
Benin Ivory Coast Seychelles
Bermuda Jamaica Sierra Leone
Bhutan Japan Singapore
Bolivia Jordan Slovakia
Bosnia-Herzegovina Kazakhstan Slovenia
Botswana Kenya Solomon Islands
Brazil Kosovo Somalia
Brunei Kuwait South Africa
Bulgaria Kyrgyzstan South Korea
Burkina-Faso Laos Spain
Burundi Latvia Sri Lanka
Cambodia Lebanon Sudan
Cameroon Liberia Suriname
Canada Libya Swaziland
Cape Verde Liechtenstein Sweden
Cayman Islands Lithuania Switzerland
Central African Republic Luxembourg Taiwan
Chad Macedonia Tanzania
Chile Madagascar Thailand
China Malawi Togo
Colombia Malaysia Tonga
Comoros Maldives Trinidad and Tobago
Congo Mali Tunisia
Cook Islands Malta Turkey
Costa Rica Martinique Turkmenistan
Croatia Mauritania Turks and Caicos Islands
Cuba Mauritius Tuvalu
Cyprus Mayotte Uganda
Czech Republic Mexico Ukraine
Denmark Moldova United Arab Emirates
Djibouti Monaco United Kingdom
Dominican Republic Mongolia United States
DR of Congo Montenegro Uruguay
Ecuador Montserrat Uzbekistan
Egypt Morocco Vanuatu
El Salvador Mozambique Venezuela
Equatorial Guinea Myanmar Vietnam
Eritrea Namibia Virgin islands
Estonia Nepal Wallis and Futuna
Ethiopia Netherlands Yemen
Fiji New Caledonia Zambia
Finland New Zealand Zimbabwe
France Nicaragua
French Guiana Niger
French Polynesia Nigeria
Gabon Norway
Gambia Oman
Georgia Pakistan
Germany Peru
Ghana Philippines
Greece Poland
Guadeloupe Portugal

Open Source Intelligence (OSINT) techniques can be used to identify and locate Schneider Electric Unity Pro installations, an important step in assessing their vulnerabilities.

Such techniques can provide actionable and valuable intelligence for planners, government officials, risk assessment and other purposes.

In the interest of “responsible disclosure” (read “reserved for paying customers”), I omit my suggestions on the best OSINT techniques for this particular use case.

PS: All versions of the Schneider Electric Unity Pro prior to its latest patch are vulnerable.

Comments are closed.