Tenable, the Cyber Exposure company, recently discovered a critical remote code execution vulnerability in two Schneider Electric applications heavily used in manufacturing, oil and gas, water, automation, wind and solar power facilities in the U.S. If exploited, the vulnerability could give cybercriminals complete control of the underlying system. Attackers would also be able to use the compromised system to move laterally through the network, exposing additional systems to attack, including human-machine interface (HMI) clients. In a worst case scenario, attackers could use the vulnerability to disrupt or even cripple plant operations.
