![](https://img.photobucket.com/albums/v704/chanpicco/chanpicco014/schneider-electric%20--%20ecostruxure_products-2_zpszrcelnpd.jpg)
Preface: Business Insider predicts business spending on IoT solutions will hit $6 trillion by 2021.
Technical background: EcoStruxure is Schneider Electric’s IoT-enabled, plug-and-play, open, interoperable architecture and platform, in Homes, Buildings, Data Centres, Infrastructure and Industries.
Vulnerability details:
Security Notification – Embedded Web Servers for Modicon V2 : https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-327-01-Embedded-Web-Servers-Modicon-V2.pdf&p_Doc_Ref=SEVD-2018-327-01
Security Notification – Power Monitoring Expert, Energy Expert : https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-347-01+Power+Monitoring+Expert+and+Energy+Expert.pdf&p_Doc_Ref=SEVD-2018-347-01
Comment: Not only a phishing scam trigger a URL redirection vulnerability. It also causes awaken product design weakness let multiple vulnerability occurs. It is a array effect. Since modicon and PLC products contains design limitations. The total 3 layers will be compromised once attack successful implement their phishing scam.