The company announced that some of the USB drives it has shipped with its conext ComBox and Conext Battery Monitor products were infected with malware
Schneider Electric has found a malicious code in the USB drives that have been sent with the products Conext ComBox and Conext Battery Monitor, as reported by ethical hacking specialists from the International Institute of Cyber Security.
Both products are part of the supplier’s solar power supply. ComBox is a communications and monitoring device for installers and operators of Conext solar systems. The Conext Battery Monitor indicates hours of battery-based operating time and determines the charging status of the battery bank. Contaminated units have been shipped with all versions of Conext ComBox and all versions of Conext Battery Monitor.
Schneider revealed that USB drives were infected with malware during manufacturing on the facilities of an external vendor.
“Schneider Electric is aware that USB drives included with the Conext Combox and Conext Battery Monitor products may have been exposed to malware during manufacturing on a third party premises”, says the security notice published by the company.
The good news, according to experts in ethical hacking, is that the malware found on the USB drives was easy to detect for almost any antivirus software, anyway, the company is recommending customers not to use them and safely discard the infected devices.
“Schneider Electric reports that malware should be detected and blocked by all major antivirus programs. Schneider Electric recommends that these removable USB media not be used”, the warning continues.
“These removable USB drives contain user documentation and non-essential software utilities. They do not contain any operating software and are not required for the installation, execution or operation of the products listed above. This problem has no impact on the operation or safety of the Conext Combox or Conext Battery Monitor products”, the security alert concludes.
Ethical hacking specialists recommend users who believe they may have used infected USB drives to scan their system for the presence of malicious code.
Still, the extent of the incident is unclear, however, this case is only the latest in a series of attacks on manufacturing service companies raised in recent years.