Investing.com UK - Financial Markets Worldwide
Get 40% Off
Get 40% Off
🚨 Volatile Markets? Find Hidden Gems for Serious OutperformanceFind Stocks Now

Schneider Electric says bug in its software exploited in hack

Published 18/01/2018, 16:33
Updated 18/01/2018, 16:40
© Reuters. Schneider Electric says bug in its software exploited in hack

By Jim Finkle

MIAMI BEACH, FLORIDA (Reuters) - Schneider Electric SE (PA:SCHN) disclosed on Thursday that hackers exploited a flaw in its software in a watershed hack discovered last month that halted plant operations at an industrial facility.

News of the incident surfaced on Dec. 14, when cyber security firms disclosed that hackers likely working for a nation-state had invaded one of Schneider's Triconex safety systems. Neither Schneider nor cyber experts have identified the victim.

While Schneider previously confirmed the attack had occurred, it initially told customers in an alert that it believed the hack did not exploit a bug in the Triconex system.

Schneider has declined to say what type of plant was attacked, but cyber experts have noted that Triconex systems are widely used by energy firms, including at nuclear facilities, and oil and gas plants.

Schneider security officials were scheduled to discuss the attack during a Thursday morning presentation at the S4 cyber security conference in Miami Beach, Florida. Company officials briefed press on their findings in advance of that presentation.

Hackers exploited a previously unknown security vulnerability in Triconex software to install a remote-access Trojan on the system, said Schneider Electric Global Cyber Security Architect Paul Forney.

That Trojan was designed to cause the safety system to fail, he said.

Schneider is developing a Triconex firmware update that will fix the bug, Forney said, declining to say when it would be available.

While the victim's identity is unknown, one cyber security firm, Dragos, has said it occurred in the Middle East and others have speculated that it was in Saudi Arabia.

3rd party Ad. Not an offer or recommendation by Investing.com. See disclosure here or remove ads .

The hack, which was discovered before the attackers could cause damage to the plant, marks the first report of a safety system breach at an industrial plant. Hackers have in recent years placed increasing attention on breaking into utilities, factories and other types of critical infrastructure.

Cyber experts identified it as a watershed attack, saying that it demonstrates a way that hackers could cause physical damage to a plant, or even kill people, by shutting down safety systems in advance of attacking industrial processes.

Latest comments

Install Our App
Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.