Schneider Electric Modicon Controllers

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to hijack TCP connections or cause information leakage.

CVEs (1)

Remediations

• Modicon M580 firmware Version 2.80 is available for download. For more information see Schneider Electric advisory SEVD-2019-134-03
• Modicon M340: currently, no fix is available. Schneider Electric recommends that affected users set up network segmentation and implement a firewall to block all remote/external access to TCP ports. Configure the Access Control List following the recommendations of the user manual “Modicon M340 for Ethernet Communications Modules and Processors User Manual,” in the chapter titled “Messaging Configuration Parameters,” which is available here: https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=31007131_K01_000_16.pdf&p_Doc_Ref=31007131K01000
• Schneider Electric recommends that affected users set up network segmentation and implement a firewall to block all remote/external access to TCP ports.
• Configure the Access Control List following the recommendations of the user manual “Modicon M340 for Ethernet Communications Modules and Processors User Manual,” in the chapter titled “Messaging Configuration Parameters,” which is available here: https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=31007131_K01_000_16.pdf&p_Doc_Ref=31007131K01000
• Modicon Premium and Modicon Quantum: Set up network segmentation and implement a firewall to block all unauthorized access to all TCP ports.
• Set up network segmentation and implement a firewall to block all unauthorized access to all TCP ports.
• In December 2018, Schneider Electric reported that the Modicon Premium and Quantum controllers reached the End of Commercialization life cycle. For more information, please see Schneider Electric advisory SEVD-2019-134-03

Affected Vendors

Affected Products (4)

Affected Sectors

Multiple Sectors