OTPulse

Schneider Electric Modicon M221

Monitor · CVSS 4.8 · ICS-CERT ICSA-18-240-02 · Aug 28, 2018
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

The Modicon M221 PLC (firmware versions prior to 1.6.2.0) contains an exception handling flaw (CWE-754) that allows an unauthenticated remote attacker to send a specially crafted packet that causes the device to reboot. The advisory notes that no known public exploits exist and indicates that high skill is needed to discover and execute the attack. Successful exploitation disrupts control of connected devices until the PLC restarts.

What this means
What could happen
An attacker could force the Modicon M221 PLC to reboot unexpectedly, disrupting any automated processes controlled by the device, such as pump operations or system sequencing in energy infrastructure.
Who's at risk
Energy utilities and municipal systems using Schneider Electric Modicon M221 PLCs for automation control, including water authorities and electric distribution operators who rely on this device for pump, compressor, or valve control sequences.
How it could be exploited
An attacker with network access to the M221 could send a specially crafted packet to trigger an unhandled exception that causes the device to reboot. This requires network connectivity to the PLC but no authentication or credentials.
Prerequisites
  • Network access to the Modicon M221 PLC (TCP/IP connectivity)
  • No authentication required
  • Device must be running firmware version prior to 1.6.2.0
remotely exploitable · no authentication required · low complexity · affects availability of automated processes · older advisory with disclosed technical details
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product | Affected Versions | Fix Status
Modicon M221: all references and | <1.6.2.0 | Firmware v1.6.2.0
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the Modicon M221 using firewall rules—only allow connections from authorized engineering workstations and SCADA servers on the production network
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Modicon M221 firmware to version 1.6.2.0 or later using SoMachine Basic v1.6 SP2 or the Schneider Electric Software Update tool
Long-term hardening
HARDENING: Segment the control system network from the business network and the Internet to prevent remote exploitation attempts
HARDENING: If remote access to the M221 is required, use a VPN with strong authentication and keep VPN software and firmware on the endpoint up to date