Schneider Electric power meters revealed to be impacted by final OT:ICEFALL bug

Schneider Electric's ION and PowerLogic power meters are being affected by a high-severity vulnerability, tracked as CVE-2022-46680, which could be leveraged to obtain credential access and facilitate configuration setting and firmware modifications, according to The Record, a news site by cybersecurity firm Recorded Future. Such a vulnerability is the last of the 56 operational technology flaws revealed by Forescout as part of its OT:ICEFALL disclosures last year, with the deferral requested by Schneider Electric as it sought to remediate the bug, said Forescout Head of Security Research Daniel dos Santos. Remediations and mitigations for the flaw have been issued by Schneider Electric last month. Also identified by Forescout were two OT flaws impacting WAGO automation controllers widely used in critical infrastructure organizations. Addressing such vulnerabilities has been noted by dos Santos to be crucial amid the ongoing Russia-Ukraine conflict and increasing hacktivist attacks. "So I would say these vulnerabilities are not complicated at all to exploit compared to some others that we have seen exploited in the past. They could be exploited by other types of attackers," added dos Santos.