ICSA-24-352-04  ·  Published 2025-10-14

Schneider Electric Modicon

CVSS 9.8 CRITICAL

CVEs (1)

Remediations

  • Modicon M241/M251 firmware version 5.2.11.29 includes a fix for this vulnerability and can be installed through the Schneider Electric Software Update (SESU) application that is part of EcoStruxure Machine Expert: https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ Using Controller Assistant, update the Modicon Controller M241/M251 to the latest firmware and perform a reboot.
  • Modicon M258/LMC058 firmware version 5.0.4.19 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/2730-modicon-m258-compact-plc-for-machine-automation/#software-and-firmware Using Controller Assistant from EcoStruxure™ Machine Expert, update the Modicon Controller M258/LMC058 and perform a reboot.
  • If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of ex
      * Use controllers and devices only in a protected environment to minimize network exposure, and ensure that they are not accessible from the public internet or untrusted networks.
      * Filter ports and IP addresses through the embedded firewall.
      * Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP.
      * Disable all unused protocols (default configuration).
      * For more details, refer to “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment User Guide”: https://www.se.com/ww/en/download/document/EIO0000004242/

Affected Vendors

Schneider Electric

Affected Products (8)

Schneider Electric · Modicon Controllers M241 <5.2.11.29
Schneider Electric · Modicon Controllers M251 <5.2.11.29
Schneider Electric · Modicon Controllers M258 <5.0.4.19
Schneider Electric · Modicon Controllers M258 5.0.4.19
Schneider Electric · Modicon Controllers LMC058 <5.0.4.19
Schneider Electric · Modicon Controllers LMC058 5.0.4.19
Schneider Electric · Modicon Controllers M241 5.2.11.29
Schneider Electric · Modicon Controllers M251 5.2.11.29

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy
