Schneider Electric PLCs Vulnerabilities
Low Risk · ICS-CERT ICSA-13-077-01B · Dec 20, 2013
Summary
Schneider Electric Modicon M340, Quantum, and Premium PLC modules contain improper authentication (CWE-287) and CSRF/request forgery (CWE-352) vulnerabilities that allow attackers to bypass authentication controls or forge program update requests to these devices. An attacker with network access could exploit these flaws to modify PLC control logic without authorization. All versions of these PLC families are affected, and no vendor patches are available.
What this means
What could happen
An attacker with network access to a Schneider Electric PLC could bypass authentication controls or forge program update requests, allowing modification of control logic without proper authorization checks.
Who's at risk
Energy utilities and manufacturing plants operating Schneider Electric Modicon M340, Quantum, or Premium PLC modules are affected. This impacts facilities that rely on these PLCs for critical process control, including power generation, distribution automation, water treatment, and manufacturing process control.
How it could be exploited
An attacker on the network segment containing the PLC could send specially crafted requests that bypass authentication (CWE-287) or forge program update commands by spoofing a valid update source (CWE-352), allowing injection of malicious ladder logic or control parameters into the running program.
Prerequisites
- Network access to the PLC Ethernet port (port 502 or engineering workstation communications port)
- No valid credentials required for exploitation
No patch available (end-of-life hardware) · Remotely exploitable if network accessible · No authentication required · Low complexity exploitation · Affects critical control logic
Exploitability
Moderate exploit probability (EPSS 1.2%)
Affected products (3), all 3 EOL
Product                   Affected Versions          Fix Status
Modicon M340 PLC modules  vers:all/* (all versions)  No fix (EOL)
Quantum PLC modules       vers:all/* (all versions)  No fix (EOL)
Premium PLC modules       vers:all/* (all versions)  No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate Schneider Electric PLCs on a separate control network segment; restrict access to engineering workstations and authorized maintenance systems only, using firewall rules or network segmentation
WORKAROUND: Disable remote program upload/download features on PLCs if not required for your operations; configure access controls to allow only trusted engineering workstations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Implement network monitoring and logging on the control network to detect suspicious program update attempts or authentication bypass attempts
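Because the affected PLCs cannot be patched, the two controls above (restrict Modbus/TCP access to trusted engineering workstations, and monitor the control network for program update attempts from anywhere else) are the whole defence. The following added example, which is not part of this advisory or of any Schneider Electric tooling, encodes that access policy once and then applies it to a small constructed flow log, so the same allowlist drives both the firewall-style decision and the detection rule. Everything in it is an assumption for illustration: the log line format, every IP address and both allowlists are constructed; the write function codes are the standard Modbus ones; treating function code 90 (0x5A) as the vendor-specific channel the engineering software uses for program upload/download is taken from public descriptions of Schneider's UMAS protocol, not from this page, and sites should confirm it against their own captures.

```python
"""Policy check over Modbus/TCP flow records to Schneider Modicon PLCs.

Added example for the advisory's mitigation items; all hosts, allowlists and
log lines are constructed, not taken from the advisory.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed site inventory; replace with the real control-network inventory.
ENGINEERING_WORKSTATIONS = {"10.10.1.5", "10.10.1.6"}  # may read, write, transfer programs
OPERATOR_HMIS = {"10.10.3.44"}                          # may read and write process values only
PLC_ADDRESSES = {"10.10.2.10", "10.10.2.11"}            # the Modicon PLCs being protected
MODBUS_TCP_PORT = 502

# Standard Modbus function codes that change PLC state.
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 22, 23}
# Assumption: Schneider's vendor-specific function code 0x5A (90) carries the
# engineering software's program upload/download (UMAS) traffic.
PROGRAM_TRANSFER_FUNCTION_CODE = 90

# Constructed flow-log format: one request per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) fc=(?P<fc>\d+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    dst: str
    function_code: int
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Parse one flow-log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    return {
        "ts": m["ts"], "src": m["src"], "dst": m["dst"],
        "dport": int(m["dport"]), "fc": int(m["fc"]),
    }


def permitted(src: str, fc: int) -> bool:
    """The access policy the 'Do now' items describe.

    Program transfers only from engineering workstations; writes from
    engineering workstations or HMIs; reads from anything on the segment.
    A firewall or PLC access-control list would enforce the same table.
    """
    if fc == PROGRAM_TRANSFER_FUNCTION_CODE:
        return src in ENGINEERING_WORKSTATIONS
    if fc in WRITE_FUNCTION_CODES:
        return src in ENGINEERING_WORKSTATIONS or src in OPERATOR_HMIS
    return True


def classify(rec: dict) -> Optional[Alert]:
    """Return an Alert when a Modbus/TCP request to a protected PLC violates the policy."""
    if rec["dst"] not in PLC_ADDRESSES or rec["dport"] != MODBUS_TCP_PORT:
        return None  # not traffic to a protected PLC's Modbus port
    if permitted(rec["src"], rec["fc"]):
        return None
    if rec["fc"] == PROGRAM_TRANSFER_FUNCTION_CODE:
        reason = "program transfer (fc 90) from non-engineering host"
    else:
        reason = f"write (fc {rec['fc']}) from host not allowed to write"
    return Alert(rec["ts"], rec["src"], rec["dst"], rec["fc"], reason)


def scan(lines: Iterable[str]) -> list:
    """Apply the policy to a log; malformed lines are skipped, not alerted on."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            alert = classify(rec)
            if alert is not None:
                alerts.append(alert)
    return alerts


# Constructed sample log covering the normal and the suspicious cases.
SAMPLE_LOG = [
    "2013-12-20T10:00:01Z src=10.10.1.5 dst=10.10.2.10 dport=502 fc=3",     # eng ws read: ok
    "2013-12-20T10:00:02Z src=10.10.3.44 dst=10.10.2.10 dport=502 fc=16",   # HMI write: ok
    "2013-12-20T10:00:03Z src=10.10.9.200 dst=10.10.2.10 dport=502 fc=16",  # unknown host write
    "2013-12-20T10:00:04Z src=10.10.9.200 dst=10.10.2.11 dport=502 fc=90",  # unknown host program transfer
    "2013-12-20T10:00:05Z src=10.10.3.44 dst=10.10.2.11 dport=502 fc=90",   # HMI program transfer
    "2013-12-20T10:00:06Z src=10.10.1.6 dst=10.10.2.11 dport=502 fc=90",    # eng ws program transfer: ok
    "2013-12-20T10:00:07Z src=10.10.9.200 dst=10.10.2.11 dport=80 fc=0",    # not Modbus: ignored
    "this line is not a flow record",                                       # malformed: skipped
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.ts} ALERT {a.src} -> {a.dst} fc={a.function_code}: {a.reason}")
```

Run against the constructed log it raises three alerts: the unknown host's write, the unknown host's program transfer, and the HMI's program transfer; reads from any source and the engineering workstation's transfer pass. Keeping the policy in one function is the point: when a host is added to the engineering allowlist, the firewall rules and the monitoring rule change together, so the two controls never disagree about who may program the PLCs.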
CVEs (2)