
The CyberLAB team discovered a vulnerability in the firmware of Schneider Electric's M241 and M251 PLCs. A specially crafted HTTP request triggers a buffer overflow in the controller and consequently causes it to fail. The device requires a restart in order to restore operation. For controllers responsible for critical production operations, such sudden, unplanned downtime can have serious financial and safety implications. Given how easily the controller can be exploited by anyone with access to the device, it was important to eliminate the vulnerability for secure device operation.

In line with responsible disclosure best practices, the CyberLAB team first reported this vulnerability to the Schneider Electric security team, providing full bug documentation, and withheld public disclosure of the details until the manufacturer issued a fix. The vulnerability has been assigned the number CVE-2021-22699, and the details and relevant recommendations have been published at: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-05. The manufacturer expressed its appreciation to NCBJ staff for their assistance in identifying the vulnerability and coordinating efforts to remediate it.

„In the CyberLAB laboratory, a technique called fuzzing, or fuzz testing, is used to search for vulnerabilities. The method consists of sending a large number of appropriately modified data packets to the device, following the selected communication protocol, and observing whether there are any unexpected results” – explains eng. Jakub Suchorab. He also adds: „This is not the first big success of our team. In 2018, we came across another vulnerability in controllers commonly used, for instance, in nuclear installations. Our work strengthens cybersecurity in every field of industry and science”.
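As an added illustration of the fuzz testing described above (example code written for this page, not CyberLAB's tooling and not the real firmware), the script below mutates a valid HTTP request template while keeping its line structure, and separates ordinary rejections of malformed input from the unexpected result the tester is actually hunting for. The parser, its 64-byte header limit and the request template are all constructed stand-ins.

```python
import random

MAX_HEADER_LEN = 64  # constructed buffer size for the simulated parser


def simulated_http_parser(request: bytes) -> None:
    """Constructed stand-in for a device's HTTP parser, not the real firmware.

    Malformed input is rejected with ValueError (a handled error); a header
    value longer than the fixed buffer raises MemoryError, modelling the
    overflow that forces the controller to restart."""
    head, _, _body = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not lines[0].startswith(b"GET "):
        raise ValueError("bad request line")
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("bad header line")
        if len(value.strip()) > MAX_HEADER_LEN:
            raise MemoryError(f"header {name!r} overflows fixed buffer")


def is_crash(request: bytes) -> bool:
    """True only for the 'unexpected result' a fuzzer hunts for,
    not for ordinary rejections of malformed input."""
    try:
        simulated_http_parser(request)
    except ValueError:
        return False
    except MemoryError:
        return True
    return False


BASE_REQUEST = b"GET /index.htm HTTP/1.1\r\nHost: plc\r\nUser-Agent: fuzz\r\n\r\n"


def mutate(request: bytes, rng: random.Random) -> bytes:
    """Protocol-aware mutation: keep the line structure, change one line."""
    lines = request.split(b"\r\n")
    i = rng.randrange(len(lines))
    op = rng.randrange(3)
    if op == 0:    # lengthen a field with a run of one byte value
        lines[i] += rng.choice([b"A", b"%", b"\x00", b"\xff"]) * rng.randint(1, 200)
    elif op == 1:  # overwrite one byte with a random value
        if lines[i]:
            j = rng.randrange(len(lines[i]))
            lines[i] = lines[i][:j] + bytes([rng.randrange(256)]) + lines[i][j + 1:]
    else:          # duplicate a line
        lines.insert(i, lines[i])
    return b"\r\n".join(lines)


def fuzz(base: bytes = BASE_REQUEST, iterations: int = 2000, seed: int = 1) -> list:
    """Feed mutated requests to the parser and collect the ones that crash it."""
    rng = random.Random(seed)
    return [case for case in (mutate(base, rng) for _ in range(iterations)) if is_crash(case)]
```

Against a physical device the same loop would replace the in-process call with a network send plus a liveness check (does the controller still answer a known-good request?), since a crashed target produces no error object to catch.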

The CyberLAB laboratory was established as a result of the participation of the National Centre for Nuclear Research in the „Enhancing Computer Security Incident Analysis at Nuclear Facilities” program, which was conducted by the International Atomic Energy Agency. The goal of the laboratory is to test industrial devices, including searching for vulnerabilities in programmable logic controllers (PLCs) commonly used in all industrial automation installations.

The CyberLAB team is constantly involved in testing more industrial devices. In addition, the laboratory is being expanded with appropriate equipment and competencies and is ready to provide customized cybersecurity services, specifically:

  • Searching for vulnerabilities in devices provided by the customer using the fuzz testing method. The offer covers a wide range of communication protocols (including industrial ones) and technical analysis of the vulnerabilities found. Testing PLCs, firewalls, network devices and industrial Internet of Things (IoT) devices is part of the offer.
  • Testing the effectiveness of security solutions such as anomaly detection systems in industrial networks. Thanks to its experience in vulnerability testing, the laboratory can test the response of security systems to real exploitation taking place in the infrastructure, including both single vulnerabilities and complex attacks.

The laboratory infrastructure makes it possible to simulate complex industrial and corporate environments.

[Image: PLC controller]