A critical remote code-execution (RCE) vulnerability in Schneider Electric programmable logic controllers (PLCs) has come to light. It allows unauthenticated cyberattackers to gain root-level control over PLCs used in manufacturing, building automation, healthcare and enterprise environments. The vulnerability (CVE-2021-22779) is one of a slew of bugs addressed by the vendor on Tuesday. In all, Schneider released dozens of new patches and mitigations for various flaws across its entire product portfolio.
Source: https://threatpost.com/unpatched-critical-rce-industrial-utility-takeovers/167751/