Source |
CSO |
Identifiant |
8309802 |
Date de publication |
2023-02-13 14:23:00 (vue: 2023-02-13 23:07:29) |
Titre |
PLC vulnerabilities can enable deep lateral movement inside OT networks |
Texte |
Threat groups who target operational technology (OT) networks have so far focused their efforts on defeating segmentation layers to reach field controllers such as programmable logic controllers (PLCs) and alter the programs (ladder logic) running on them. However, researchers warn that these controllers should themselves be treated as perimeter devices and flaws in their firmware could enable deep lateral movement through the point-to-point and other non-routable connections they maintain to other low-level devices.To exemplify such a scenario and highlight the risks, researchers from security firm Forescout used two vulnerabilities they discovered in Schneider Modicon PLCs to move deeper into a simulated OT architecture of a movable bridge and bypass all safety mechanisms to cause physical damage.To read this article in full, please click here |
Envoyé |
Oui |
Condensat |
all alter architecture article bridge bypass can cause click connections controllers could damage deep deeper defeating devices discovered efforts enable exemplify far field firm firmware flaws focused forescout from full groups have here highlight however inside ladder lateral layers level logic low maintain mechanisms modicon movable move movement networks non operational other perimeter physical plc plcs please point programmable programs reach read researchers risks routable running safety scenario schneider security segmentation should simulated such target technology them themselves these threat through treated two used vulnerabilities warn who |
Tags |
|
Stories |
|
Notes |
★★★
|
Move |
|