An authentication bypass vulnerability (CVE-2021-22779) in Schneider Electric’s Modicon programmable logic controllers (PLCs) can lead to remote-code-execution (RCE) The vulnerability, dubbed ModiPwn, allows for a complete takeover of impacted devices by leveraging the UMAS protocol. Millions of these PLCs are now deemed to be at risk in what is considered to be a widescale vulnerability. Such controllers are used widely in manufacturing, building services, automation applications, energy utilities, HVAC systems.
Source: https://www.helpnetsecurity.com/2021/07/13/cve-2021-22779/