Major Vulnerability Found in Schneider Electric Unity Pro by Tom Spring should have Open Source Intelligence (OSINT) gurus in high gear.
From the post:
Schneider Electric is grappling with a critical vulnerability found in its flagship industrial controller management software called Unity Pro that allows hackers to remotely execute code on industrial networks.
The warning comes from Indegy, an industrial cybersecurity firm. Indegy discovered the vulnerability and issued a report on the flaw Tuesday. Mille Gandelsman, CTO of Indegy, called the vulnerability a “major concern” and urged anyone running Unity Pro software to update to the latest version. Unity Pro, which runs on Windows-based PCs, is used for managing and programming millions of industrial controllers around the world.
“If the IP address of the Windows PC running the Unity Pro software is accessible to the internet, then anyone can exploit the software and run code on hardware,” Gandelsman told Threatpost. “This is the crown jewel of access. An attacker can do anything they want with the controllers themselves.”
The flaw resides in a component of Unity Pro software named Unity Pro PLC Simulator, used to test industrial controllers, according to Indegy.
“This is what an attacker would want to have access to in order to impact the actual production process within an ICS physical environment. That includes the valves, turbines, centrifuges and smart meters. These are accessible from the engineering stations natively,” Gandelsman said. “With this type of access, an attacker can use it to change the recipe to drugs being manufactured by industrial control systems or turn off the power grid of a city.”
… (emphasis added)
How is Open Source Intelligence (OSINT) relevant?
Schneider Electric products are found in:
Open Source Intelligence (OSINT) techniques can be used to identify and locate Schneider Electric Unity Pro installations, an important step in assessing their vulnerabilities.
Such techniques can provide actionable and valuable intelligence for planners and government officials, for risk assessment, and for other purposes.
In the interest of “responsible disclosure” (read “reserved for paying customers”), I omit my suggestions on the best OSINT techniques for this particular use case.
PS: All versions of the Schneider Electric Unity Pro prior to its latest patch are vulnerable.