ICSA-17-054-03 · Published 2019-01-10
Schneider Electric Modicon M340 PLC (Update A)
CVSS 7.5 (HIGH)
Risk Summary
Successful exploitation of this vulnerability may render the device unresponsive, requiring a physical reset of the PLC.
CVEs (1)
Remediations
- M340: https://www.schneider-electric.fr/fr/search/V2.9?filters=CAT_PRD_DOC_FIRMUPD
- M580: https://www.schneider-electric.us/en/product-range/62098-modicon-m580-paccontroller/
- Quantum: https://www.schneider-electric.com/en/download/document/OFS_3_50_2905/
- Set up a firewall blocking all remote/external access to Port 502
- For more information, Schneider Electric has released a security notification that can be found at: https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02/
Affected Vendors
Schneider Electric Software, LLC
Affected Products (5)
- Schneider Electric Software, LLC · Quantum CPUs with firmware < 3.52
- Schneider Electric Software, LLC · Premium CPUs vers:all/*
- Schneider Electric Software, LLC · M580 CPUs with firmware < 2.3
- Schneider Electric Software, LLC · M340 CPUs with firmware < 2.9
- Schneider Electric Software, LLC · M1E CPUs vers:all/*
Affected Sectors
Defense Industrial Base; Energy; Government Facilities; Nuclear Reactors, Materials, and Waste; Transportation Systems; Water and Wastewater Systems