ICSA-17-103-02A  ·  Published 2017-07-20

Schneider Electric Modicon M221 PLCs and SoMachine Basic (Update A)

CVSS 10.0 CRITICAL

Risk Summary

ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available.

Remediations

  • Schneider Electric recommends that users store project files in secure, access-restricted locations and encrypt project files with reputable third-party file encryption tools.
  • On June 14, 2017, Schneider Electric released firmware v1.5.1.0 and the associated SoMachineBasic V1.5SP1. The new version uses an enhanced encryption mechanism and prevents the M221 from returning the password. Users may download SoMachineBasic V1.5SP1 (including firmware v1.5.1.0) from the Schneider Electric web site at the following location:
  • Schneider Electric's security notice SEVD-2017-097-01 is available at the following location:
  • Schneider Electric's security notice SEVD-2017-097-02 is available at the following location:

Affected Vendors

Schneider Electric Software, LLC

Affected Products (2)

Schneider Electric Software, LLC · Modicon M221 PLC <= 1.5.0.1
Schneider Electric Software, LLC · SoMachine Basic > 1.5
