DHS Issues Alert – Schneider Electric Ethernet Module Vulnerabilities

Schneider Electric to Publish Fix

The Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an alert regarding several Schneider Electric Ethernet Modules. The alert was issued after independent security expert  Rubén Santamart announced details of the vulnerability.

In November 2010 ICS-CERT published a alert covering increased search activities for vulnerable SCADA and ICS systems using a specialized search agent, Where search engines like Google and Bing index websites, SHODAN is built to index internet-connected devices. The search can be configured to look for devices with known vulnerabilities. In February 2011, ICS-CERT noted 75 internet facing control system devices, primarily in the water sector. Many of these had default login credentials for remote access.