{"id":610665,"date":"2023-02-16T11:59:23","date_gmt":"2023-02-16T13:59:23","guid":{"rendered":"https:\/\/teknomers.com\/fr\/des-chercheurs-mettent-en-garde-contre-des-bogues-de-securite-critiques-dans-les-automates-schneider-electric-modicon\/"},"modified":"2023-02-16T11:59:25","modified_gmt":"2023-02-16T13:59:25","slug":"des-chercheurs-mettent-en-garde-contre-des-bogues-de-securite-critiques-dans-les-automates-schneider-electric-modicon","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/des-chercheurs-mettent-en-garde-contre-des-bogues-de-securite-critiques-dans-les-automates-schneider-electric-modicon\/","title":{"rendered":"Des chercheurs mettent en garde contre des bogues de s\u00e9curit\u00e9 critiques dans les automates Schneider Electric Modicon"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">16 f\u00e9vrier 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Infrastructure critique \/ Cybers\u00e9curit\u00e9<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Les chercheurs en s\u00e9curit\u00e9 ont r\u00e9v\u00e9l\u00e9 deux nouvelles vuln\u00e9rabilit\u00e9s affectant les contr\u00f4leurs logiques programmables (PLC) Schneider Electric Modicon qui pourraient permettre le contournement de l&#8217;authentification et l&#8217;ex\u00e9cution de code \u00e0 distance.<\/p>\n<p>Les d\u00e9fauts, suivis comme <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-45788\" target=\"_blank\">CVE-2022-45788<\/a> (score CVSS : 7,5) et <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-45789\" target=\"_blank\">CVE-2022-45789<\/a> (score CVSS\u00a0: 8,1), font partie d&#8217;un ensemble plus large de d\u00e9fauts de s\u00e9curit\u00e9 suivis par Forescout sous le nom OT:ICEFALL.<\/p>\n<p>L&#8217;exploitation r\u00e9ussie des bogues pourrait permettre \u00e0 un adversaire d&#8217;ex\u00e9cuter un code non autoris\u00e9, un d\u00e9ni de service ou la divulgation d&#8217;informations sensibles.<\/p>\n<p>La soci\u00e9t\u00e9 de cybers\u00e9curit\u00e9 a d\u00e9clar\u00e9 que les lacunes peuvent \u00eatre encha\u00een\u00e9es par un acteur mena\u00e7ant avec des failles connues d&#8217;autres fournisseurs (par exemple, CVE-2021-31886) pour obtenir un mouvement lat\u00e9ral profond dans les r\u00e9seaux de technologie op\u00e9rationnelle (OT).<\/p>\n<div class=\"separator\" style=\"clear: both;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/02\/1676555963_647_Des-chercheurs-mettent-en-garde-contre-des-bogues-de-securite.png\" alt=\"vuln\u00e9rabilit\u00e9 scada plc\" border=\"0\" data-original-height=\"330\" data-original-width=\"728\" title=\"vuln\u00e9rabilit\u00e9 scada plc\"\/><\/div>\n<p>&#8220;Le mouvement lat\u00e9ral profond permet aux attaquants d&#8217;acc\u00e9der en profondeur aux syst\u00e8mes de contr\u00f4le industriels et de traverser des p\u00e9rim\u00e8tres de s\u00e9curit\u00e9 souvent n\u00e9glig\u00e9s, leur permettant d&#8217;effectuer des manipulations hautement granulaires et furtives ainsi que de contourner les limitations fonctionnelles et de s\u00e9curit\u00e9&#8221;, a d\u00e9clar\u00e9 Forescout. <a rel=\"nofollow noopener\" href=\"https:\/\/www.forescout.com\/blog\/deep-lateral-movement-in-ot-networks-when-is-a-perimeter-not-a-perimeter\/\" target=\"_blank\">a dit<\/a>.<\/p>\n<p>Une attaque cyber-physique de preuve de concept (PoC) tr\u00e8s complexe con\u00e7ue par la soci\u00e9t\u00e9 bas\u00e9e \u00e0 San Jose a r\u00e9v\u00e9l\u00e9 que les failles pouvaient \u00eatre militaris\u00e9es pour contourner les garde-corps de s\u00e9curit\u00e9 et infliger des dommages \u00e0 une infrastructure de pont mobile.<\/p>\n<p>Alors que les acteurs de la menace concoctent des logiciels malveillants sophistiqu\u00e9s pour perturber les syst\u00e8mes de contr\u00f4le industriels, le mouvement lat\u00e9ral profond offert par ces failles pourrait permettre aux adversaires d&#8217;utiliser un &#8220;dispositif inint\u00e9ressant comme point de d\u00e9part pour se diriger vers des cibles plus int\u00e9ressantes&#8221;.<\/p>\n<p>Selon la soci\u00e9t\u00e9 de cybers\u00e9curit\u00e9 Otorio, les d\u00e9couvertes font suite \u00e0 38 failles de s\u00e9curit\u00e9 qui ont \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9es dans les appareils de l&#8217;Internet des objets industriel sans fil (IIoT) et qui pourraient accorder \u00e0 un attaquant une ligne d&#8217;acc\u00e8s directe aux r\u00e9seaux OT.<\/p>\n<p>Prises ensemble, les faiblesses soulignent \u00e9galement les menaces r\u00e9elles pesant sur les op\u00e9rations physiques des appareils IoT, des plates-formes de gestion bas\u00e9es sur le cloud et des r\u00e9seaux OT imbriqu\u00e9s.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/02\/researchers-warn-of-critical-security.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80216 f\u00e9vrier 2023\ue804Ravie LakshmananInfrastructure critique \/ Cybers\u00e9curit\u00e9 Les chercheurs en s\u00e9curit\u00e9 ont r\u00e9v\u00e9l\u00e9 deux nouvelles vuln\u00e9rabilit\u00e9s affectant les contr\u00f4leurs logiques programmables (PLC) Schneider Electric Modicon qui pourraient permettre le contournement de l&#8217;authentification et l&#8217;ex\u00e9cution de code \u00e0 distance. Les d\u00e9fauts, suivis comme CVE-2022-45788 (score CVSS : 7,5) et CVE-2022-45789 (score CVSS\u00a0: 8,1), font partie d&#8217;un [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":610666,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[90843,14862,12848,4168,841,5729,4158,4165,4161,429,133,42062,525,4157,4159,4171,4170,65,4167,3915,4160,146311,4163,4162,1101,1835,4172,4169,4166,4164],"class_list":["post-610665","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-automates","tag-bogues","tag-chercheurs","tag-comment-pirater","tag-contre","tag-critiques","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dans","tag-des","tag-electric","tag-garde","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mettent","tag-mises-a-jour-de-la-cybersecurite","tag-modicon","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-schneider","tag-securite","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/610665","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=610665"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/610665\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/610666"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=610665"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=610665"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=610665"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}