Security researchers working in collaboration have disclosed CVE-2021-22778 through CVE-2021-22782, a chain of vulnerabilities that allows authentication bypass and remote code execution (RCE) on Schneider Electric’s widespread line of Modicon Programmable Logic Controllers (PLCs). These are widely deployed as embedded devices in industries such as energy utilities, building services and HVAC systems, among others, as part of operational technology (OT), in addition to a number of other potentially sensitive applications. The main vulnerability, CVE-2021-22779, dubbed “ModiPwn,” was found by Armis researchers (blog linked below) and allows chaining of other exploits, including previously patched vulnerabilities, with the end result of full control over the targeted PLC while simultaneously hiding the intrusion from monitoring workstations. Schneider Electric has released a security advisory and mitigations for CVE-2021-22778 and CVE-2021-22780 through CVE-2021-22782, but has not yet released a fix for CVE-2021-22779. The security advisory recommends standard best practices such as maintaining perimeter security and network segmentation until a fix is released.
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense’s mission is