German carmakers face forced labor allegations | Environmentalists defeat miners in Australia | Serious industrial automation vulnerabilities found

Welcome to Portfolio Intelligence Daily, where we spotlight under the radar investment themes and idiosyncratic risks, often involving emerging markets, supply chain issues, ESG risks, and the impact of regulatory changes.

Today:?

• German carmakers face allegations over forced labour in their supply chains
• Environmentalists force mining giants out of Western Australia forest
• New vulns found in Wago and Schneider Electric OT products

Theme summaries are curated by Auquan’s analyst team using our Portfolio Intelligence Engine to uncover investment insights at scale using NLP and generative AI.?

German carmakers face allegations over forced labour in their supply chains

Germany's top carmakers, Volkswagen, BMW, and Mercedes-Benz, have been accused of not doing enough to prevent forced labour in their supply chains in Xinjiang, China.

This development highlights the importance of due diligence for companies that operate in global supply chains.

• The European Center for Constitutional and Human Rights (ECCHR) filed a complaint with Germany's export control office, claiming that the carmakers had not taken adequate steps to prevent their suppliers in the region from using forced labour.
• The carmakers have denied the allegations, but the ECCHR points to evidence that their suppliers have ties to companies operating in or near Xinjiang, where the Chinese government has been accused of detaining over a million Uyghurs and other Muslim minorities in a vast system of camps.
• Volkswagen has a plant in Xinjiang's capital that runs quality checks on cars for sale in the region.
• The carmakers have stated their commitment to human rights and have indicated that they are working to ensure that their supply chains are free of forced labour.

"By the plant, there are seven concentration camps ... so this is what Volkswagen cannot deny, but they say they are not connected with them." — Erkin Zunun, chief coordinator of the World Uyghur Congress

"We are in contact with our suppliers and whenever concerns are raised, we push suppliers for clarification." — statement from Mercedes-Benz

Select timeline

• June 21, 2023 | German carmakers challenged over Xinjiang due diligence in rights group complaint (Reuters)
• June 20, 2023 | Volkswagen, BMW and Mercedes hit by Xinjiang forced labour complaint (FT)
• June 20, 2023 | What genocide? Volkswagen’s morally expensive bet on China (Politico)

Tags: #forcedlabor #mercedes #vw #bmw #uyghurs #xinjiang #china #supplychain #esg

Environmentalists force mining giants out of Western Australia forest

Rio Tinto and Alcoa have withdrawn exploration applications in Western Australia's Jarrah forest, a major victory for conservationists who have been fighting the company's plans for years.

• The company had been seeking to explore for iron ore in the forest, which is home to a number of threatened species
• The decision to withdraw the applications was made after Rio Tinto received significant opposition from the community, including from the WA Forest Alliance, which has been campaigning against the company's plans since 2018
• Rio Tinto is still exploring for iron ore in other parts of Western Australia, but the company has said that it will not explore for iron ore in the Jarrah forest again
• Alcoa also applied for exploration licences in the area, but has also withdrawn its application

“There is no social license for new mines in the forests, and Rio Tinto has made the right decision in withdrawing its applications; it is a big win for the forests.” — Jess Beckerling, director of the WA Forest Alliance

Select timeline

• June 21, 2023 | Rio Tinto’s withdrawal from exploration a ‘big win’ for WA’s jarrah forests (The Sydney Morning Herald)
• June 20, 2023 | Mining giants Rio Tinto and Alcoa drop plans to explore WA's South West following community pressure (ABC AU)

Tags: #mining #riotinto #alcoa #australia #esg ?

New vulns found in Wago and Schneider Electric OT products

Researchers have disclosed details of new serious vulnerabilities in two industrial automation products from Wago and Schneider Electric, two of the leading manufacturers of operational technology (OT) products used to control and monitor industrial processes.

• The vulnerabilities, which were found in Wago's 750-885 IIoT gateway and Schneider Electric's Modicon M221 PLC, could allow an attacker to gain remote access to the devices.
• The Wago vulnerability is a remote code execution (RCE) flaw that could allow an attacker to execute arbitrary code on the device. The Schneider Electric vulnerability is a denial-of-service (DoS) flaw that could cause the device to crash.
• Wago has released a firmware update to address the vulnerability in its gateway, while Schneider Electric is working on a firmware update to address the vulnerability in its PLC.
• These vulnerabilities highlight the importance of security in industrial automation products, which are increasingly connected to the internet and more vulnerable to attack.

"OT:ICEFALL demonstrates the need for tighter scrutiny of, and improvements to, processes related to secure design, patching and testing in OT device vendors." — Forescout company statement

Select timeline

• June 20, 2023 | Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products (The Hacker News)
• June 20, 2023 | OT:Icefall: Vulnerabilities Identified in Wago Controllers (SecurityWeek)
• January 18, 2023 | WAGO fixes config export flaw threatening data leak from industrial devices (PortSwigger)

Tags: #security #cyber #dataleak #wago #schneiderelectric ?

While you’re here…

If you find these kinds of insights interesting, consider subscribing!?

If you’d like our deeper analysis on any of these themes or to learn about Auquan’s Portfolio Intelligence Engine and how it can expand the scale and scope of your investment research, let’s talk !

#portfoliomanagement #ai #nlp