Schneider Electric Security Notification – Nov and Dec 2018

Preface: Business Insider predicts business spending on IoT solutions will hit $6 trillion by 2021.

Technical background: EcoStruxure is Schneider Electric’s IoT-enabled, plug-and-play, open, interoperable architecture and platform, in Homes, Buildings, Data Centres, Infrastructure and Industries.

Vulnerability details:
Security Notification – Embedded Web Servers for Modicon V2 : https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-327-01-Embedded-Web-Servers-Modicon-V2.pdf&p_Doc_Ref=SEVD-2018-327-01

Security Notification – Power Monitoring Expert, Energy Expert : https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-347-01+Power+Monitoring+Expert+and+Energy+Expert.pdf&p_Doc_Ref=SEVD-2018-347-01

Comment: Not only a phishing scam trigger a URL redirection vulnerability. It also causes awaken product design weakness let multiple vulnerability occurs. It is a array effect. Since modicon and PLC products contains design limitations. The total 3 layers will be compromised once attack successful implement their phishing scam.

Cyber security technical information

Schneider Electric Security Notification – Nov and Dec 2018

antihackingonline.com