Wago and Schneider Electric OT Products

Security Researchers Discover Critical Vulnerabilities in Wago and Schneider Electric OT Products

Product and Affected Versions:
– Wago 750 controllers
– Schneider Electric power meters using the ION/TCP protocol

Severity and CVE IDs:
– CVE-2022-46680 (CVSS score: 8.8) – Plaintext transmission of credentials in the ION/TCP protocol used by Schneider Electric power meters.
– CVE-2023-1619 (CVSS score: 4.9) – Denial-of-service (DoS) bug impacting Wago 750 controllers.
– CVE-2023-1620 (CVSS score: 4.9) – Denial-of-service (DoS) bug impacting Wago 750 controllers.

Vulnerability:
– CVE-2022-46680: The ION/TCP protocol used by Schneider Electric power meters transmits credentials in plaintext. This flaw can potentially allow threat actors to gain control of vulnerable devices.
– CVE-2023-1619 and CVE-2023-1620: These vulnerabilities are denial-of-service (DoS) bugs that affect Wago 750 controllers. An authenticated attacker can exploit these flaws by sending specific malformed packets or specific requests after being logged out, leading to a denial-of-service condition.

How the Attack Works:
– CVE-2022-46680: Attackers can intercept the plaintext credentials transmitted over the ION/TCP protocol used by Schneider Electric power meters. With these credentials, threat actors can gain control of the vulnerable devices and potentially manipulate their operations.
– CVE-2023-1619 and CVE-2023-1620: An authenticated attacker can exploit these DoS vulnerabilities in Wago 750 controllers by sending specific malformed packets or requests. These packets or requests trigger a flaw that causes the affected controller to become unresponsive or crash, resulting in a denial-of-service condition.

Remediations:
– CVE-2022-46680: Users should apply the patches provided by Schneider Electric to fix the vulnerability. The recommended action is to update the affected power meters to the latest firmware or software versions that address the plaintext transmission of credentials.
– CVE-2023-1619 and CVE-2023-1620: Users of Wago 750 controllers should ensure they are running the latest firmware or software versions provided by Wago. Keeping the devices up to date is essential to mitigate the denial-of-service vulnerabilities. Additionally, implementing strong network security controls and access restrictions can help prevent unauthorized access to the controllers.

References:
Forescout OT:ICEFALL research report