Last Updated on 28/02/2022 by Nidhi Khandelwal
Schneider Electric’s Easergy medium voltage protection relays are vulnerable to several vulnerabilities, according to the US Cybersecurity and InfrastructureSchneider Electric patched the weaknesses detected and reported by Red Balloon Security researchers Timothée Chauvin, Paul Noalhyt, and Yuan Shi Wu as part of updates released on January 11, 2022.
The warning comes less than ten days after CISA issued another alert warning of multiple critical vulnerabilities in Schneider Electric’s Interactive Graphical SCADA System (IGSS) that, if exploited, could lead to “data disclosure and loss of control of the SCADA system with IGSS running in production mode.” Security Agency (CISA).
“Successful exploitation of these vulnerabilities may reveal device credentials, trigger a denial-of-service scenario, device reboot, or allow an attacker to acquire full control of the relay,” according to a notice issued by the agency on February 24, 2022. “Your electrical network’s protection may be compromised as a result of this.”
In related news, the US Federal Bureau of Investigation has issued a security alert for General Electric’s Proficy CIMPLICITY SCADA software, warning of two security flaws that might be exploited to divulge sensitive information, gain code execution, and escalate local privileges.
The advisories follow a report from industrial cybersecurity firm Dragos that found that 24 percent of the total 1,703 ICS/OT vulnerabilities reported in 2021 had no patches available, with 19 percent having no mitigation, preventing operators from taking any steps to protect their systems from potential threats.
Dragos also discovered malicious activity from three new groups that were discovered targeting ICS systems last year, including Kostovite, Erythrite, and Petrovite, which each targeted the OT environments of renewable energy, electrical utility, and mining and energy firms in Canada, Kazakhstan, and the United States.