Malware Found on USB Drives Shipped With Schneider Solar Products

Schneider Electric recently informed customers that some of the USB flash drives shipped by the company with its Conext ComBox and Conext Battery Monitor products were infected with malware.

Conext ComBox and Conext Battery Monitor are both part of Schneider’s solar energy offering. ComBox is a communications and monitoring device for installers and operators of Conext solar systems, while Battery Monitor is designed to indicate hours of battery-based runtime and determine the charging state for a battery bank.

According to Schneider, some USB removable media devices shipped with these products were exposed to malware during manufacturing at a third-party supplier’s facility.

While the France-based industrial giant says the malware should be blocked by all major cybersecurity products, it has advised customers not to use and “securely discard” the compromised devices.

“These USB removable media contain user documentation and non-essential software utilities. They do not contain any operational software and are not required for the installation, commissioning, or operation of the products mentioned above. This issue has no impact on the operation or security of the Conext Combox or Conext Battery Monitor products,” Schneider said in an advisory published last month.

Users who believe they may have accessed one of the potentially impacted flash drives have been advised to perform a full scan of their system. The problematic drives have been shipped with all versions of Conext ComBox (sku 865-1058) and all versions of Conext Battery Monitor (sku 865-1080-01).

SecurityWeek has reached out to Schneider to obtain more information regarding the incident, including how many customers were affected and the type of malware found on the devices, but the company has yet to respond.

Incidents involving major companies delivering USB drives infected with malware along the supply chain are not unheard of. Last year, IBM informed customers that it had been shipping malware-infected initialization USBs for its Storwize storage systems, which are used by Lenovo.

The pieces of malware involved in these incidents may not have been advanced, but infected USB drives can pose a serious threat to organizations – particularly in industrial environments where air-gapping is often still used to protect critical systems – and sophisticated threat actors have been known to develop complex USB malware.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
