Vlad that's over: Remote code flaws in Schneider Electric apps whacked

Infosec researchers at Tenable Security have unearthed a remote code execution flaw in critical infrastructure software made by energy management multinational Schneider Electric. The vulnerability could have allowed miscreants to control underlying critical infrastructure systems, researchers said. The apps affected – used …

  1. Voland's right hand Silver badge

    Excellent. How appropriate

    So, any thoughts on the decision to put the best security hacker of Schneider software under personal sanctions - so that she can no longer contribute to fixing their unholy mess (and it is a fecking unholy mess all right).

    https://en.wikipedia.org/wiki/Alisa_Shevchenko

    They were paying her money and she was finding things. It worked.

    Until some moron in the USA decided that someone who is earning a few M per year doing bank and scada penetration testing will be interested in helping an Orange Baboon win the elections.

    As a result, as they cannot pay that lady any more, they are hiring guess where:

    https://www.jobs.net/jobs/squared/en-us/job/India/Lead-Engineer-Penetration-Tester/J3N63K6XQ5F4FVLF8PJ/

    We do not even need to guess what security they will have AFTER THAT.

    1. macjules

      Re: Excellent. How appropriate

      Jesus H Christ. Talk about (mis)management cutting their noses off to spite their faces. Good luck to them, I think they are going to seriously need it.

  2. GnuTzu

    Deja Vu

    I'm pretty sure Schneider Electric has been here before, and I expect we'll be seeing more.

  3. Anonymous South African Coward Bronze badge

    What with Trumpmenistan insisting on doing everything by themselves, I expect that IT security will only get worse if not better.

    Will be interesting going forward.

  4. Will Godfrey Silver badge

    Hello buffer my old friend

    I've come to break you once again.

    'cos the malware that was creeping,

    Stole my code while I was sleeping.

    ...

    1. Anonymous Coward

      Re: Hello buffer my old friend

      It staggers me that we are still getting buffer overflows after 25+ years of this being a really well known exploit.

      Great adaptation of lyrics.

  5. MasterofDisaster

    Another wake-up-call

    The reality underlying this story is that many industrial organizations are ill-equipped to handle firmware updates at scale and safely. In many cases the facilities team (not IT) controls the infrastructure, and is not used to pesky firmware updates. Last year Trend Micro estimated that over half of security cameras they tracked in North America had one or more malware agents on them... and probably still do, because most camera firmware updates are done with a guy on a ladder sticking a USB in (a process that doesn't scale). Some camera vendors and third parties are developing automated capabilities, but if Schneider thinks updating device firmware will solve things, let's hope it's fully automated.

    1. Claptrap314 Silver badge

      Re: Another wake-up-call

      Because autoupdates over the web NEVER resulted in security holes.

  6. sanmigueelbeer

    Uh-huh. Suuuuure.

    the UK government is waving a stick at infrastructure firms, warning they could face fines of up to £17m if their cybersecurity is found to be inadequate

    Empty threats if there is no multi-million pound fines dished out.

  7. Gene Cash Silver badge

    Oh and FYI, Schneider owns APC, the folks that make UPSes. If you've ever wondered why their software was so shitty, well now you know.

    1. Will Godfrey Silver badge

      A lot of industrial manufacturers go for Schneider kit because it's mostly cheaper than the competition.

      And...

      err...

      easier to access.

      I wonder why?
