An unauthorised user could have easily exploited this vulnerability to execute a synchronised attack and cause a number of these controllers to stop communicating. This type of unauthorised action would allow a cyber-attacker to massively disconnect the effected PLCs from the HMI leaving the operator with no way to view and control the physical processes on the OT network, while instantly harming the safety and reliability of the ICS systems. The recovery from such an attack would require a reboot of the attacked PLCs and physical access to the controllers, which would cause significant downtime to the ICS network.

Radiflow discovered this vulnerability approximately two months ago and immediately reported it to Schneider Electric, who has since remedied the vulnerability. This vulnerability was registered as CVE-2018-7789.

“Schneider Electric would like to thank Yehonatan Kfir of Radiflow for all his efforts related to identification and coordinate on of this vulnerability,” wrote Schneider Electric in a published security notification about the resolution to this flaw.

At the time that this vulnerability was discovered, Radiflow incorporated the cyber attack signature of the vulnerability into its iSID industrial threat detection system, which immediately positioned the company’s customers to be protected against the exploit while it was being remediated by Schneider Electric.

“For this specific vulnerability, we prevented a potentially dangerous exploit that could have caused extensive damage to the safety, security and operations of numerous industrial enterprises and critical infrastructure operators,” said Yehonatan Kfir, CTO at Radiflow. “Equally as important, we are proud of our threat intelligence research team for its ongoing efforts of detecting new vulnerabilities and improving the cybersecurity protection capabilities of our solutions and the overall operations of our customers.”