Schneider Electric has patched a vulnerability disclosed by Team82 in its Modicon M221 PLCs and EcoStruxure Machine Expert-Basic products.
All versions of each product are affected, and Schneider Electric recommends a number of mitigations to address these issues.
The vulnerability involves the use of a one-way hash with a predictable salt.
An attacker could use a brute-force attack to pre-compute a hash value and access the affected product.
This vulnerability follows a November 2020 disclosure of authentication and encryption flaws in the M221 PLC by Team82.
Schneider Electric, a leading digital automation company, disclosed today another vulnerability discovered by Team82 in its Modicon M221 programmable logic controller (PLC) and EcoStruxure Machine Expert-Basic. The issue follows a Nov. 10 disclosure of four authentication and encryption flaws in the M221 PLC.
The M221 PLC controls basic automation for machines, and is configured using the EcoStruxure Machine Expert-Basic software. All versions of the products are affected by these vulnerabilities. Schneider Electric recommends a number of mitigations to address these vulnerabilities. ICS-CERT, today, also updated its advisory.
The latest flaw, CVE-2020-28214, aligns to Common Weakness Enumeration 760 (CWE-760): use of a one-way hash with a predictable salt. An attacker able to exploit this vulnerability could use a rainbow-table dictionary attack to pre-compute hash values, negating the benefit that an unpredictable salt would offer. A salt is random cryptographic data added to the input of a one-way hash function in order to make each stored hash unique, so that, for example, weak or reused passwords do not hash to the same value everywhere. Experts caution, however, that attackers with enough computing power are able to crack salted hashes.
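The following is an added illustration of the CWE-760 point above, not code from Team82 or Schneider Electric, and it does not model how the M221 actually derives its salt or which hash it uses (SHA-256, the fixed salt value and the five-word dictionary are all constructed for the demo). It shows why a predictable salt defeats the purpose of salting: a lookup table computed once for the known salt matches stored hashes on every device that uses it, while the same table is useless against a hash stored with a per-password random salt.

```python
import hashlib
import secrets
from typing import Dict, Optional, Tuple

# Constructed demo wordlist standing in for the dictionary behind a rainbow table.
WORDLIST = ["admin", "password", "plc1234", "operator", "letmein"]

# Assumed weak scheme for illustration: one fixed, predictable salt shared by every
# stored hash. How the real product derives its salt is not described on the page.
PREDICTABLE_SALT = b"fixed-salt"


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way hash over salt || password. SHA-256 is a stand-in here; the
    product's actual hash function is not named on the page."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def store_predictable(password: str) -> bytes:
    """Weak: every stored hash uses the same salt, so one table fits all of them."""
    return hash_password(password, PREDICTABLE_SALT)


def store_random(password: str) -> Tuple[bytes, bytes]:
    """Hardened: a fresh 16-byte random salt per stored hash, kept beside the hash."""
    salt = secrets.token_bytes(16)
    return salt, hash_password(password, salt)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison of a candidate against a stored (salt, hash) pair."""
    return secrets.compare_digest(hash_password(password, salt), stored)


def precompute_table(salt: bytes) -> Dict[bytes, str]:
    """The table an attacker computes once for a known salt. A plain dictionary is
    used here; a rainbow table is a space-optimised version of the same idea."""
    return {hash_password(word, salt): word for word in WORDLIST}


def lookup(table: Dict[bytes, str], digest: bytes) -> Optional[str]:
    """Reverse a stored hash by table lookup; None means the table does not apply."""
    return table.get(digest)


def demo() -> Tuple[Optional[str], Optional[str]]:
    """Returns (hit against predictable salt, hit against random salt)."""
    table = precompute_table(PREDICTABLE_SALT)
    # Predictable salt: the table built once recovers the password immediately.
    hit_predictable = lookup(table, store_predictable("plc1234"))
    # Random salt: the same password, but the precomputed table does not match,
    # so the attacker would have to redo the whole dictionary per stored hash.
    salt, stored = store_random("plc1234")
    hit_random = lookup(table, stored)
    assert verify("plc1234", salt, stored)  # the hardened form still verifies
    return hit_predictable, hit_random


if __name__ == "__main__":
    print(demo())  # ('plc1234', None)
```

The random salt only removes the amortisation: each stored hash now costs the attacker a full dictionary pass of its own, which is why the article's caveat about sufficient computing power still stands. In practice that residual cost is raised further by using a deliberately slow password hash (PBKDF2, bcrypt, scrypt or Argon2) instead of a single SHA-256 call as in this demo.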
Claroty, in June, privately disclosed these vulnerabilities in the Schneider Electric products. Schneider Electric has steadily addressed almost a dozen flaws in the M221 since 2017 related to authentication and encryption, an important evolution in the security of these devices as more and more industrial systems are connected to the internet. Attackers have tools at their disposal to find and exploit vulnerabilities in connected devices; locking down access to them is a crucial step to keeping devices and the organizations using them safe. Schneider has effectively done so, replacing, in recent years, clear-text passwords with hashes, adding server-side authentication, and encrypting key exchanges and data.
The Nov. 10 public disclosure and update further tightened up some of those previously addressed security measures. Users are urged to follow Schneider Electric's mitigation advice, below.
Meanwhile, exploits against these vulnerabilities can only be carried out by attackers who have already gained a foothold on an M221 device. Attackers already on the device would be able to capture traffic between the M221 and EcoStruxure Machine Expert-Basic and break the weak encryption methods protecting upload and download data or authentication attempts. Cryptographic key exchanges are also vulnerable because of a weak Diffie-Hellman key-exchange implementation securing read-write data and password hashes during authentication. An attacker who is able to capture enough traffic should be able to deduce the client-side or server-side secret in either exchange and would then be able to break encrypted read-write commands and the encrypted password hashes. This puts the entire key-exchange mechanism at risk.
Schneider Electric recommends the following mitigations:
Set up network segmentation and implement a firewall to block all unauthorized access to port.
Within the Modicon M221 application, the user must:
Disable all unused protocols, especially Programming protocol. This action will prevent unintended remote programming access.
Set a password to protect the project.
Set a password for read access on the controller.
Set a different password for write access on the controller.
Here is a recap of the five vulnerabilities:
CVE-2020-28214 Related CWE-760: Use of a One-Way Hash with a Predictable Salt—The M221 and EcoStruxure Machine Expert-Basic use a predictable salt, which would allow an attacker already on the device to pre-compute a hash value using a rainbow-table dictionary attack.
The following vulnerabilities were disclosed Nov. 10:
CVE-2020-7565 Related CWE-326: Inadequate Encryption Strength—Read/Write encryption uses a 4-byte XOR key for data encryption, a weak implementation that can be broken using a known plaintext attack where data may be read in certain memory regions without authentication, or statistical analysis of repetitive sequences of XOR keys in traffic.
CVE-2020-7566 Related CWE-334: Small Space of Random Values—A weak key-exchange method for read/write encryption, in which too small a Diffie-Hellman secret is used, allows the 4-byte XOR key to be uncovered.
CVE-2020-7567 Related CWE-311: Missing Encryption of Sensitive Data—Password hashes can be uncovered in upload-download communications between the PLC and the EcoStruxure Machine Expert Basic software. An attacker who is able to deduce the XOR key using another of these vulnerabilities may use that same key to find the password hash and use a Pass-the-Hash attack to authenticate themselves to the PLC.
CVE-2020-7568 Related CWE-200: Exposure of Sensitive Information to an Unauthorized Actor—Some sections of memory are readable without entering a password, even if read and write protections are activated.
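The recap for CVE-2020-7565 and CVE-2020-7567 rests on one property of a repeating 4-byte XOR key: the keystream has period four, so four bytes of known plaintext at any position, or a run of constant plaintext such as zero-filled memory, reveal the entire key, and anything under that key (password hashes included) is then readable. The toy model below is an added example, not Team82's tooling and not the M221 wire format; the command-like header, the zero-filled region and the key value are constructed. It is the kind of two-line check a reviewer writes to show why such a scheme fails CWE-326 and to argue for an authenticated cipher with a proper key size in its place.

```python
from collections import Counter
from itertools import cycle
from typing import Optional


def xor4(data: bytes, key: bytes) -> bytes:
    """Repeating 4-byte XOR 'encryption' as described in the recap
    (toy model of the weakness, not the product's actual framing)."""
    if len(key) != 4:
        raise ValueError("this scheme uses a 4-byte key")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def key_from_known_plaintext(ciphertext: bytes, known: bytes, offset: int) -> bytes:
    """Known-plaintext check: four plaintext bytes at any offset yield the full key,
    because keystream byte (offset + i) mod 4 is reused throughout the message."""
    if len(known) < 4:
        raise ValueError("need at least four known plaintext bytes")
    key = bytearray(4)
    for i in range(4):
        key[(offset + i) % 4] = ciphertext[offset + i] ^ known[i]
    return bytes(key)


def key_from_repetition(ciphertext: bytes, fill_byte: int = 0x00) -> Optional[bytes]:
    """Statistical check: a run of a constant plaintext byte (e.g. zero-filled memory)
    encrypts to the same aligned 4-byte block over and over; the most frequent
    aligned block XOR fill_byte is the key. Returns None if repetition is too weak."""
    blocks = [ciphertext[i:i + 4] for i in range(0, len(ciphertext) - 3, 4)]
    if not blocks:
        return None
    block, count = Counter(blocks).most_common(1)[0]
    if count < 3:
        return None
    return bytes(b ^ fill_byte for b in block)


# Constructed sample traffic: a short command-like header, a zero-filled region,
# then some payload. None of this mirrors the real protocol.
SAMPLE_PLAINTEXT = b"READ 0x0100" + b"\x00" * 32 + b"{counter=42,state=RUN}"
SAMPLE_KEY = b"\x13\x37\xbe\xef"  # constructed key
SAMPLE_CIPHERTEXT = xor4(SAMPLE_PLAINTEXT, SAMPLE_KEY)


def demo():
    """Returns (key via known plaintext, key via repetition, full decryption ok)."""
    k_known = key_from_known_plaintext(SAMPLE_CIPHERTEXT, b"READ", 0)
    k_stat = key_from_repetition(SAMPLE_CIPHERTEXT)
    recovered = xor4(SAMPLE_CIPHERTEXT, k_known)
    return k_known, k_stat, recovered == SAMPLE_PLAINTEXT


if __name__ == "__main__":
    print(demo())  # (b'\x13\x37\xbe\xef', b'\x13\x37\xbe\xef', True)
```

Both checks need nothing beyond captured ciphertext plus either a guessable header or a region the attacker already knows to be constant, which is exactly the position CVE-2020-7568 hands an on-device attacker. The fix is not a longer XOR key but a real cipher: a per-session key from a sound key exchange, fed to an authenticated mode such as AES-GCM, removes both the period-four structure and the silent-tampering problem that plain XOR also carries.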
USE OF A ONE-WAY HASH WITH A PREDICTABLE SALT CWE-760
A use of a one-way hash with a predictable salt vulnerability exists that could allow the attacker to pre-compute the hash value using a dictionary attack, effectively disabling the protection that an unpredictable salt would provide.
Read more: Update to Recent Schneider Electric M221 PLC Vulnerabilities
CVSS v3: 3.3
EXPOSURE OF SENSITIVE INFORMATION CWE-200
An exposure of sensitive information to an unauthorized actor vulnerability exists that could allow non-sensitive information disclosure when the attacker has captured the traffic between the EcoStruxure Machine Expert-Basic software and the Modicon M221 controller.
CVSS v3: 3.1
MISSING ENCRYPTION OF SENSITIVE DATA CWE-311
A missing encryption of sensitive data vulnerability exists that could allow the attacker to find the password hash when the attacker has captured the traffic between the EcoStruxure Machine Expert-Basic software and the Modicon M221 controller and has broken the encryption keys.
CVSS v3: 7.1
SMALL SPACE OF RANDOM VALUES CWE-334
A small space of random values vulnerability exists that could allow the attacker to break the encryption keys when the attacker has captured the traffic between the EcoStruxure Machine Expert-Basic software and the Modicon M221 controller.
CVSS v3: 7.1
INADEQUATE ENCRYPTION STRENGTH CWE-326
An inadequate encryption strength vulnerability exists that could allow the attacker to break the encryption key when the attacker has captured the traffic between the EcoStruxure Machine Expert-Basic software and the Modicon M221 controller.
CVSS v3: