- May 4, 2019
Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers (PLCs) that could allow for authentication bypass and remote code execution.
The flaws, tracked as CVE-2022-45788 (CVSS score: 7.5) and CVE-2022-45789 (CVSS score: 8.1), are part of a broader collection of security defects tracked by Forescout as OT:ICEFALL.
Successful exploitation of the bugs could enable an adversary to execute unauthorized code, denial-of-service, or disclosure of sensitive information.
Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs
Security researchers have disclosed two new vulnerabilities in Schneider Electric Modicon PLCs that could allow for authentication bypass and RCE.