ICS Networks at Risk Due to Flaw in Schneider PLC Simulator

Advertisement


On Tuesday, at SecurityWeek’s 2016 ICS Cyber Security Conference, Indegy CTO Mille Gandelsman disclosed a vulnerability found by the company in Unity Pro, a Windows-based programming, debugging and operating software for Schneider’s programmable logic controllers (PLCs).

Unity Pro, typically deployed on engineering workstations, includes a PLC simulator component that allows users to test applications without the need to connect to the PLC. Before executing code on the PLC itself, x86 instructions can be compiled and loaded into the simulator using .apx files.

Advertisement