> Although I'm releasing this information when there is still no patch available, it has been my decision. I reported it to the ICS-CERT months ago. I would like to thank the ICS-CERT and the Schneider security team; they have taken these issues very seriously and are working on a patch. During the process they have been keeping me updated on every decision/progress. However, some time ago I decided to change my disclosure policy.
Playing devil's advocate: As the title says, the vendor included backdoors in the application. I'm not sure I can trust them and their clearly irresponsible development practices to patiently wait for them to handle this on their own.
Almost all PLCs have back doors. Just because it uses Ethernet doesn't mean it does anything fancy. Almost all the PLCs I am aware of simply wrap existing RS-232 protocols from the 80s and even earlier over IP. Most of the plants actually seem to want these back doors, because downtime at a production facility is incredibly expensive.
PLCs are not designed to be externally accessible, ever. The back doors are completely irrelevant anyway, given that the PLC will accept any packet from anywhere and perform the operation. The RS-232 commands are functions such as "enable bit", "disable bit", "set value", "read value", for actuating inputs and outputs.
Nope, the only thing lousy is not saying it sooner. I am glad he decided that he will not be complicit in such reprehensible behavior from a vendor. Knowingly exposing your customers to harm without disclosure should have stiff penalties.
That's a lousy disclosure policy.