{"id":793119,"date":"2023-06-20T18:21:27","date_gmt":"2023-06-20T20:21:27","guid":{"rendered":"https:\/\/teknomers.com\/fr\/des-chercheurs-exposent-de-nouvelles-failles-graves-dans-les-produits-wago-et-schneider-electric-ot\/"},"modified":"2023-06-20T18:21:30","modified_gmt":"2023-06-20T20:21:30","slug":"des-chercheurs-exposent-de-nouvelles-failles-graves-dans-les-produits-wago-et-schneider-electric-ot","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/des-chercheurs-exposent-de-nouvelles-failles-graves-dans-les-produits-wago-et-schneider-electric-ot\/","title":{"rendered":"Des chercheurs exposent de nouvelles failles graves dans les produits Wago et Schneider Electric OT"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">20 juin 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Technologie op\u00e9rationnelle<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Trois vuln\u00e9rabilit\u00e9s de s\u00e9curit\u00e9 ont \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9es dans les produits de technologie op\u00e9rationnelle (OT) de Wago et Schneider Electric.<\/p>\n<p>Les d\u00e9fauts, selon Forescout, font partie d&#8217;un ensemble plus large de lacunes appel\u00e9es collectivement <strong>OT\u00a0: CHUTE DE GLACE<\/strong>qui comprend d\u00e9sormais un total de 61 num\u00e9ros provenant de 13 fournisseurs diff\u00e9rents.<\/p>\n<p>&#8220;OT: ICEFALL d\u00e9montre la n\u00e9cessit\u00e9 d&#8217;un examen plus approfondi et d&#8217;am\u00e9liorations des processus li\u00e9s \u00e0 la conception s\u00e9curis\u00e9e, aux correctifs et aux tests chez les fournisseurs d&#8217;appareils OT&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9. <a rel=\"nofollow noopener\" href=\"https:\/\/www.forescout.com\/blog\/ot-icefall-ot-security-design-and-patching\/\" target=\"_blank\">a dit<\/a> dans un rapport partag\u00e9 avec The Hacker News.<\/p>\n<p>Le plus grave des d\u00e9fauts est <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-46680\" target=\"_blank\">CVE-2022-46680<\/a> (score CVSS : 8,8), qui concerne la transmission en clair des informations d&#8217;identification dans le protocole ION\/TCP utilis\u00e9 par les wattm\u00e8tres de Schneider Electric.<\/p>\n<div class=\"check_two clear badbox\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/netspi-in-2\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/06\/1686048876_77_Alerte-Zero-Day-Google-publie-un-correctif-pour-la-nouvelle-vulnerabilite.jpg\" width=\"728\" height=\"90\"\/><\/a><\/center><\/div>\n<p>L&#8217;exploitation r\u00e9ussie du bogue pourrait permettre aux pirates de prendre le contr\u00f4le des appareils vuln\u00e9rables.  Il convient de noter que CVE-2022-46680 est l&#8217;une des 56 failles d\u00e9couvertes \u00e0 l&#8217;origine par Forescout en juin 2022.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/06\/1687292487_909_Des-chercheurs-exposent-de-nouvelles-failles-graves-dans-les-produits.jpg\" alt=\"Technologie op\u00e9rationnelle\" border=\"0\" data-original-height=\"241\" data-original-width=\"728\" title=\"Technologie op\u00e9rationnelle\"\/><\/div>\n<p>Les deux autres nouvelles failles de s\u00e9curit\u00e9 (<a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-1619\" target=\"_blank\">CVE-2023-1619<\/a> et <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-1620\" target=\"_blank\">CVE-2023-1620<\/a>scores CVSS : 4.9) concernent des bogues de d\u00e9ni de service (DoS) affectant les contr\u00f4leurs WAGO 750 qui pourraient \u00eatre activ\u00e9s par un attaquant authentifi\u00e9 en envoyant des paquets malform\u00e9s sp\u00e9cifiques ou des requ\u00eates sp\u00e9cifiques apr\u00e8s avoir \u00e9t\u00e9 d\u00e9connect\u00e9.<\/p>\n<p>En conclusion de la recherche OT:ICEFALL, Forescout note que les fournisseurs n&#8217;ont toujours pas une compr\u00e9hension fondamentale des pratiques de s\u00e9curit\u00e9 d\u00e8s la conception et qu&#8217;ils publient des correctifs incomplets et ne mettent pas en \u0153uvre les proc\u00e9dures de test de s\u00e9curit\u00e9 appropri\u00e9es.<\/p>\n<p>&#8220;C&#8217;est inqui\u00e9tant, car au fur et \u00e0 mesure que les produits OT commencent \u00e0 mettre en \u0153uvre des contr\u00f4les de s\u00e9curit\u00e9 et finissent par \u00eatre certifi\u00e9s, la perception de leur posture de s\u00e9curit\u00e9 pourrait changer et le sentiment d&#8217;urgence autour des contr\u00f4les compensatoires pourrait diminuer &#8211; conduisant \u00e0 un faux sentiment de s\u00e9curit\u00e9&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/06\/researchers-expose-new-severe-flaws-in.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80220 juin 2023\ue804Ravie LakshmananTechnologie op\u00e9rationnelle Trois vuln\u00e9rabilit\u00e9s de s\u00e9curit\u00e9 ont \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9es dans les produits de technologie op\u00e9rationnelle (OT) de Wago et Schneider Electric. Les d\u00e9fauts, selon Forescout, font partie d&#8217;un ensemble plus large de lacunes appel\u00e9es collectivement OT\u00a0: CHUTE DE GLACEqui comprend d\u00e9sormais un total de 61 num\u00e9ros provenant de 13 fournisseurs diff\u00e9rents. &#8220;OT: [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":793120,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[12848,4168,4158,4165,4161,429,133,42062,39576,4806,5106,4157,4159,4171,4170,65,4167,4160,120,4163,4162,2726,1101,4172,4169,4166,4164,169544],"class_list":["post-793119","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-chercheurs","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dans","tag-des","tag-electric","tag-exposent","tag-failles","tag-graves","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-produits","tag-schneider","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-wago"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/793119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=793119"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/793119\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/793120"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=793119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=793119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=793119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}