OTPulse

Schneider Electric Modicon PLC Vulnerabilities

Low Risk | ICS-CERT ICSA-15-246-02 | Jun 6, 2015
Summary

Schneider Electric Modicon PLC networking and controller modules contain code injection (CWE-98) and script injection (CWE-79) vulnerabilities. These vulnerabilities allow unauthenticated remote code execution through the PLC network interface. Affected modules include BMXNOC0401, BMXNOE0100/0110/0110H, BMXNOR0200H, and BMXP34 series controllers. No patches are available from Schneider Electric for any of the affected product variants.

What this means
What could happen
These vulnerabilities affect Modicon PLC networking modules and controller modules used in power plants and manufacturing facilities. An attacker with network access could execute arbitrary code on the PLC, potentially allowing them to manipulate process control logic, alter setpoints, or disrupt operations.
Who's at risk
Power generation facilities, substations, and manufacturing plants using Schneider Electric Modicon PLC networking modules (BMXNOC0401, BMXNOE series, BMXNOR0200H) and controller modules (BMXP342020, BMXP342030 series) for SCADA and process automation. These are commonly found in energy control systems and industrial automation.
How it could be exploited
An attacker would need network access to the Modicon PLC. The vulnerability allows code injection (CWE-98) or script injection (CWE-79) through the networking interface, enabling remote code execution on the controller without requiring authentication.
Prerequisites
  • Network access to the PLC on its control interface (port 502 or web interface)
  • No authentication required
  • No patch available
  • Remotely exploitable
  • No authentication required
  • Affects safety-critical systems
  • Low complexity exploitation
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (11)
11 pending
Product | Affected Versions | Fix Status
Modicon PLC: BMXNOC0401 | BMXNOC0401 | No fix yet
Modicon PLC: BMXNOE0100 | BMXNOE0100 | No fix yet
Modicon PLC: BMXNOE0110 | BMXNOE0110 | No fix yet
Modicon PLC: BMXNOE0110H | BMXNOE0110H | No fix yet
Modicon PLC: BMXNOR0200H | BMXNOR0200H | No fix yet
Modicon PLC: BMXP342020 | BMXP342020 | No fix yet
Modicon PLC: BMXP342020H | BMXP342020H | No fix yet
Modicon PLC: BMXP342030 | BMXP342030 | No fix yet
Remediation & Mitigation
Do now
HARDENING: Implement network segmentation: isolate the PLC on a separate VLAN with restricted access from engineering workstations and corporate network
WORKAROUND: Deploy firewall rules to allow only authorized engineering workstations to communicate with the PLC
WORKAROUND: Disable remote access and web interface on the PLC if not required for operations
Long-term hardening
HARDENING: Monitor network traffic to and from the PLC for anomalous connections
HARDENING: Evaluate replacement or upgrade of affected Modicon PLC units to newer hardware with available security patches
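
The allowlist and traffic-monitoring items above can be checked against flow records; the following is an added example, not part of the advisory or of any Schneider Electric tooling. The PLC address, the engineering-workstation subnet, the flow-record format and the use of TCP 80 for the web interface are assumptions made for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumptions (not from the advisory): addresses, the allowlist and TCP 80
# for the web interface are constructed for illustration.
PLC_ADDRS = {ip_address("10.20.0.10")}
ALLOWED_SOURCES = [ip_network("10.20.1.0/28")]  # engineering workstations
PLC_SERVICE_PORTS = {502: "modbus", 80: "web"}

# Constructed flow records: timestamp,src,dst,dport
SAMPLE_FLOWS = """\
2015-06-06T08:00:01,10.20.1.5,10.20.0.10,502
2015-06-06T08:00:09,10.20.1.5,10.20.0.10,80
2015-06-06T08:02:13,192.168.50.77,10.20.0.10,80
2015-06-06T08:02:40,10.20.1.200,10.20.0.10,502
2015-06-06T08:03:02,10.20.0.10,203.0.113.9,443
2015-06-06T08:03:30,10.20.1.5,10.20.0.10,21
"""

def is_allowed(addr):
    """True if addr belongs to an authorized engineering-workstation subnet."""
    return any(addr in net for net in ALLOWED_SOURCES)

def find_anomalies(flow_text):
    """Return (timestamp, reason) for each flow that violates the policy."""
    findings = []
    for ts, src, dst, dport in csv.reader(io.StringIO(flow_text)):
        src, dst, dport = ip_address(src), ip_address(dst), int(dport)
        if src in PLC_ADDRS and not is_allowed(dst):
            # A PLC opening connections to unknown hosts is unexpected.
            findings.append((ts, f"PLC initiated connection to {dst}:{dport}"))
        elif dst in PLC_ADDRS and not is_allowed(src):
            svc = PLC_SERVICE_PORTS.get(dport, "other")
            findings.append((ts, f"unauthorized source {src} -> {svc}/{dport}"))
        elif dst in PLC_ADDRS and dport not in PLC_SERVICE_PORTS:
            findings.append((ts, f"allowed source {src} on unexpected port {dport}"))
    return findings

if __name__ == "__main__":
    for ts, reason in find_anomalies(SAMPLE_FLOWS):
        print(ts, reason)
```

Any finding for a source outside the allowlist also indicates that the firewall rule in front of the PLC is missing or not effective.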