2011 SCADA flaw finally fixed
Schneider Electric have finally shipped fixes for flaws in their Quantum Ethernet Module – flaws that were reported in December 2011 – according to an updated ICS-CERT advisory. The flaws concerned hard coded passwords for telnet, FTP and debug services in the company's network interfaces.
The problem was discovered by security expert Rubén Santamarta who had examined the device's firmware and identified the backdoor passwords. The telnet and debug port offered the ability to view the module's firmware, modify the memory, cause a denial of service or execute arbitrary code. The FTP port could allow the attacker to modify the module's web site or modify HTTP passwords. Around a month later, Schneider Electric released firmware with "a patch for a portion of the reported vulnerabilities".
It appears, though, that that portion was very small as the company has now, nearly a year and a half later, shipped firmware updates which remove the telnet and debug services from the firmware. The changes should not affect the functionality of the devices say Schneider Electric as the ports were only used for advanced troubleshooting and development. Download links for the new firmware are in the ICS-Cert advisory. The company adds that it had also created a patch that adds the ability for the FTP service to be disabled from the HTTP front end on the device.