RCE vulnerability found on ICS management software

News by Roi Perez

Industrial cyber-security firm Indegy has found a remote code execution vulnerability inside Schneider Electric's flagship ICS management software, Unity Pro.

A cyber-security firm has found a remote code execution vulnerability in Schneider Electric's flagship industrial controller management software, Unity Pro. Indegy released a report on the flaw on Tuesday. The vulnerability allows hackers to remotely execute code on industrial control system networks.

Writing on his company's website, Mille Gandelsman, CTO of Indegy, called the vulnerability a “major concern” and urged anyone running Unity Pro software to update to the latest version. Unity Pro, which runs on Windows PCs, is used for managing and programming industrial control systems.

Schneider Electric has said that all versions of Unity Pro, including the latest, version 11.1, are impacted. Indegy has highlighted that the vulnerability does not require a compromise of the controllers in an ICS network because, “the industrial controllers lack authentication and industrial communications protocols lack encryption.”

According to Gandelsman, the vulnerability was discovered nearly six months ago and was privately disclosed to Schneider Electric. Since the disclosure, Schneider Electric has patched the vulnerability.

Schneider Electric's description of the vulnerability says that the flaw occurs when a Unity instance is compiled as x86 and loaded onto the programmable logic controller simulator. It explained: “it is possible to make the simulator execute malicious code by redirecting the control flow of these instructions: By implanting arbitrary shellcode in free space of a Unity Pro project, then download and execute the patched project to the simulator.”

Schneider Electric acknowledged the flaw, issuing a “notification” to its customers on October 14th. “The vulnerability is arbitrary code execution made possible by remotely downloading a patched project file to the Unity Simulator,” according to Schneider Electric.

