Workstation software flaw exposes industrial control systems to hacking
The software used to program and deploy code to various Schneider Electric industrial controllers has a weakness that could allow hackers to remotely take over engineering workstations.
The software, known as Unity Pro, runs on PCs used by engineers and includes a simulator for testing code before deploying it to programmable logic controllers (PLCs). These are the specialized hardware devices that monitor and control mechanical processes — spinning motors, opening and closing valves, etc. — inside factories, power stations, gas refineries, public utilities and other industrial installations.
Researchers from industrial cybersecurity firm Indegy found that unauthenticated attackers could execute malicious code on Windows computers where the Unity Pro PLC simulator is installed. That code would run with debug privileges leading to a complete system compromise.