Security Flaws Discovered in Wago and Schneider Electric Operational Technology Products
Recent findings have revealed three significant security vulnerabilities affecting operational technology (OT) products developed by Wago and Schneider Electric. According to Forescout, these vulnerabilities belong to a larger collection of issues known as OT:ICEFALL, which comprises 61 defects across 13 vendors. The findings underscore the need for OT device manufacturers to improve secure design, patching, and testing practices.
Among the most critical vulnerabilities identified is CVE-2022-46680, which has received a CVSS score of 8.8, highlighting its severity. This particular flaw involves the transmission of plaintext credentials within the ION/TCP protocol used by Schneider Electric’s power meters. The implications of such a vulnerability are serious; it could allow malicious actors to gain unauthorized control over compromised devices.
The threat posed by this issue is heightened by the fact that CVE-2022-46680 was one of 56 vulnerabilities uncovered by Forescout in June 2022, indicating a systemic problem within the sector. Successful exploitation could lead to severe operational disruptions and potential data breaches. In MITRE ATT&CK terms, adversaries may gain initial access through network exploitation and then use privilege escalation to gain greater control over assets.
Two further vulnerabilities, CVE-2023-1619 and CVE-2023-1620, highlight the risk of denial-of-service (DoS) attacks on WAGO 750 controllers. Both flaws have a CVSS score of 4.9 and can be triggered by authenticated attackers sending malformed packets or specific requests after logout. The potential for these vulnerabilities to cause service disruptions reinforces the need for organizations to address their cybersecurity posture.
Forescout’s conclusions from the OT:ICEFALL research indicate that many vendors still lack a fundamental grasp of secure-by-design principles. Common pitfalls include the release of incomplete patches and the absence of rigorous security testing procedures. This gap in knowledge poses an alarming risk, especially as companies increasingly implement security controls and pursue certification. Such actions could lead to a false sense of security and reduce the urgency around implementing compensating controls.
For businesses relying on OT products, these vulnerabilities present a significant issue. Companies must understand the implications of these security flaws and recognize the potential for attacks that exploit such weaknesses. By integrating protections across their networks and staying informed on vulnerabilities, organizations can better prepare for the evolving threat landscape.
In conclusion, this development serves as a stark reminder that the security of OT products requires constant vigilance and improvement. As cybersecurity incidents continue to rise, it is crucial for organizations to remain proactive in their defense strategies, ensuring that adequate measures are in place to protect against emerging threats. With the ever-changing nature of cyber risks, the focus on understanding and mitigating potential vulnerabilities has never been more critical.
For ongoing updates on such vulnerabilities and their implications, stakeholders are encouraged to follow reputable channels in cybersecurity news. Being informed is the first step toward enhancing organizational resilience against cyber threats.