Two security vulnerabilities in Schneider Electric’s programmable logic controllers (PLCs) could allow attackers to compromise a PLC and move on to more sophisticated critical infrastructure attacks. The issues are present in company s EcoStruxure Machine Expert v1.0 PLC management software and in the firmware for the M221 PLC, version 1.10.2.2, respectively. PLCs are key pieces of equipment in environments such as electric utilities and factories, and are a key part of operational technology (OT) networks.
Source: https://threatpost.com/bugs-critical-infrastructure-gear-attacks/161164/