Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Malware Found on USB Drives Shipped With Schneider Solar Products

Schneider Electric recently informed customers that some of the USB flash drives shipped by the company with its Conext ComBox and Conext Battery Monitor products were infected with malware.

Schneider Electric recently informed customers that some of the USB flash drives shipped by the company with its Conext ComBox and Conext Battery Monitor products were infected with malware.

Conext ComBox and Conext Battery Monitor are both part of Schneider’s solar energy offering. ComBox is a communications and monitoring device for installers and operators of Conext solar systems, while Battery Monitor is designed to indicate hours of battery-based runtime and determine the charging state for a battery bank.

According to Schneider, some USB removable media devices shipped with these products were exposed to malware during manufacturing at a third-party supplier’s facility.USB drives shipped by Schneider Electric for Conext products infected with malware

While the France-based industrial giant says the malware should be blocked by all major cybersecurity products, it has advised customers not to use and “securely discard” the compromised devices.

“These USB removable media contain user documentation and non-essential software utilities. They do not contain any operational software and are not required for the installation, commissioning, or operation of the products mentioned above. This issue has no impact on the operation or security of the Conext Combox or Conext Battery Monitor products,” Schneider said in an advisory published last month.

Users who believe they may have accessed one of the potentially impacted flash drives have been advised to perform a full scan of their system. The problematic drives have been shipped with all versions of Conext ComBox (sku 865-1058) and all versions of Conext Battery Monitor (sku 865-1080-01).

SecurityWeek has reached out to Schneider to obtain more information regarding the incident, including how many customers were affected and the type of malware found on the devices, but the company has yet to respond.

Register for SecurityWeek’s 2018 ICS Cyber Security Conference

Incidents involving major companies delivering USB drives infected with malware along the supply chain are not unheard of. Last year, IBM informed customers that it had been shipping malware-infected initialization USBs for its Storwize storage systems, which are used by Lenovo.

Advertisement. Scroll to continue reading.

The pieces of malware involved in these incidents may not have been advanced, but infected USB drives can pose a serious threat to organizations – particularly in industrial environments where air-gapping is often still used to protect critical systems – and sophisticated threat actors have been known to develop complex USB malware.

Related: Schneider Electric Development Tools Affected by Critical Flaw

Related: Critical Flaws Patched in Schneider Building Automation Software

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.