Schneider Electric Modicon PLC Vulnerabilities

CVEs (2)

Remediations

• Schneider Electric released a firmware patch for the listed products to address these vulnerabilities. It will initially only be available through Schneider Electric’s Customer Support teams and will be included in the next scheduled product firmware update.
• In addition, specific modules and firmware versions allow the HTTP/FTP server to be disabled through configuration settings, please consult your product documentation for further information.
• For more information on this vulnerability and detailed instructions, please see SEVD-2015-233-01 at the following location: (http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-233-01)
• For other modules and firmware, Schneider Electric has produced a recommendations document that describes firewall and network architecture settings that can be used to mitigate these types of vulnerabilities (Resolution 207869, Mitigation of Vulnerabilities) available at: (http://www.schneider-electric.com/ww/en/download/document/Res207869)
• To obtain full details on the issues and assistance on how to protect your installation please contact your local Schneider Electric representative.

Affected Vendors

Affected Products (11)