ICSA-25-254-09  ·  Published 2025-08-12

Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110

CVSS 6.5 MEDIUM

CVEs (1)

Remediations

  • Schneider Electric is establishing a remediation plan for all future versions of Modicon M340 that will include a fix for this vulnerability. We will update this document when the remediation is available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:
      • Set up network segmentation and implement a firewall to block all unauthorized access to FTP port 21/TCP on the devices.
      • FTP service is disabled by default. Deactivate the FTP service after use when not needed.
      • Configure the Access Control List following the recommendations of the user manuals:
          o “Modicon M340 for Ethernet Communications Modules and Processors User Manual” in chapter “Messaging Configuration Parameters”: https://www.se.com/ww/en/download/document/31007131K01000/
  • Version SV3.60 of BMXNOE0100 includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product/BMXNOE0100/network-module-modicon-m340-modbus-tcp-1-x-rj45-flash-memory-card
  • Version SV6.80 of BMXNOE0110 includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product/BMXNOE0110/ethernet-tcp-ip-network-module-modicon-m340-automation-platform-flash-memory-card-internal-ram-16-mb-1-x-rj45-10-100/
  • If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
      • Set up network segmentation and implement a firewall to block all unauthorized access to FTP port 21/TCP on the devices.
      • FTP service is disabled by default. Deactivate the FTP service after use when not needed.
      • Configure the Access Control List following the recommendations of the user manuals:
          o “Modicon M340 for Ethernet Communications Modules and Processors User Manual” in chapter “Messaging Configuration Parameters”: https://www.se.com/ww/en/download/document/31007131K01000/

Affected Vendors

Schneider Electric

Affected Products (5)

Schneider Electric · Modicon M340 vers:all/*
Schneider Electric · Modbus/TCP Ethernet Modicon M340 module <SV3.60
Schneider Electric · Modbus/TCP Ethernet Modicon M340 module SV3.60
Schneider Electric · Modbus/TCP Ethernet Modicon M340 FactoryCast module <SV6.80
Schneider Electric · Modbus/TCP Ethernet Modicon M340 FactoryCast module SV6.80

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy
