Schneider Electric company is aware of multiple vulnerabilities disclosed on CODESYS Runtime, vendors, including Schneider Electric, Embed CODESYS in their offers.
If successfully exploited, these vulnerabilities could result in a denial of service or, in some cases, in remote code execution on PacDrive Controllers, Modicon Controllers M241 / M262 / M258 / LC058 / M218 and HISCU products.
Affected Products and Versions
PacDrive 3 Controllers: LMC Eco/Pro/Pro2 Version: all
PacDrive Controller LMC078 Version: All
Modicon Controller M241 Version: All
Modicon Controller M251 Version: All
Modicon Controller M262 Version: All
Modicon Controller M258 Version: All
Modicon Controller LMC058 Version: All
Modicon Controller M218 Version: All
HISCU Controller Version: All
Schneider Electric is working very hard to release an upgrade version for all this vulnerabilities fix.
Be in touch for next time!
General Security Recommendations
We strongly recommend the following industry cybersecurity best practices.
• Locate control and safety system networks and remote devices behind firewalls and
isolate them from the business network.
• Install physical controls so no unauthorized personnel can access your industrial control
and safety systems, components, peripheral equipment, and networks.
• Place all controllers in locked cabinets and never leave them in the “Program” mode.
• Never connect programming software to any network other than the network intended for
that device.
• Scan all methods of mobile data exchange with the isolated network such as CDs, USB
drives, etc. before use in the terminals or any node connected to these networks.
• Never allow mobile devices that have connected to any other network besides the
intended network to connect to the safety or control networks without proper sanitation.
• Minimize network exposure for all control system devices and systems and ensure that
they are not accessible from the Internet.
• When remote access is required, use secure methods, such as Virtual Private Networks
(VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the
most current version available. Also, understand that VPNs are only as secure as the
connected devices.
Aw, this was an incredibly good post. Taking a
few minutes and actual effort to generate a very good article… but what can I say… I put things
off a lot and don’t seem to get anything done.
Hello,
Thank you for your comment!
I’ll right away snatch your rss feed as I can’t in finding your email subscription hyperlink or newsletter service.
Do you have any? Please permit me recognize so that I could subscribe.
Thanks.
Dear Vivoslot,
Thank you for your reply and suggest!
Now you have option to subscribe us, in feed, or email.
Thank you so much!
Regards,
CNS Team