A long list of industrial-control modules manufactured by Schneider Electric contain multiple weaknesses and vulnerabilities that could allow an attacker to modify the firmware, login remotely and run arbitrary code on the vulnerable components. Security researcher Ruben Santamarta discovered and disclosed the problems and the ICS-CERT is warning users about the issue. The devices in question are Ethernet modules that are designed to communicate with programmable logic controllers over a network. Schneider Electric has produced fixes for two of the vulnerabilities he reported and is working on addressing the others.
Source: https://threatpost.com/multiple-vulnerabilities-haunt-long-list-plc-modules-121411/75998/