The module has multiple hardcoded credentials, which could enable an attacker to bypass the device's authentication mechanism and access the module’s functions, according to an alert by DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
The functions that hackers could gain access to include: the Telnet and Windriver debug ports, which could enable a remote attack to view the operation of the module’s firmware, cause a denial of service, modify the module’s memory, and execute arbitrary code; and FTP service, which could allow an attacker to modify the module website, download and run custom firmware, and modify the http passwords.
ICS-CERT said it is working with Schneider Electric and the researcher who reported it, Ruben Santamarta, to plug the vulnerabilities. Schneider has so far produced a fix for the Telnet and Windriver debug port vulnerabilities, which involves removing the Telnet and Windriver services from the modules.
ICS-CERT recommends that users take the following defensive measures to minimize the risk of exploitation of these vulnerabilities: minimize network exposure for all control system device; locate control system networks and devices behind firewalls and isolate them from the business network; and if remote access is required, employ secure methods, such as virtual private networks.