Schneider Electric Modicon Controllers

Plan PatchCVSS 7.5ICS-CERT ICSA-19-183-01Jul 2, 2019

Schneider ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A denial-of-service vulnerability exists in Schneider Electric Modicon controllers (M340, M580, Quantum, Premium). An attacker can send malformed Modbus packets to port 502/TCP, causing the controller to stop responding and interrupt critical operations. The vulnerability requires only network access—no credentials or special privileges. Modicon M340 is fixed in firmware version 3.01, M580 in version 2.80. Modicon Quantum controllers are end-of-life and will not receive a patch; users should migrate to M580 ePAC. Modicon Premium version status is unclear in the advisory text.

What this means

What could happen

An attacker could cause Modicon controllers to become unresponsive, interrupting water treatment, distribution, or power generation operations. Recovery requires manual intervention and potential device restart.

Who's at risk

Water utilities and electric utilities operating Schneider Electric Modicon M340, M580, Quantum, or Premium controllers. These are programmable logic controllers (PLCs) that directly control water treatment, pumping, and power distribution operations. Any organization using these as SCADA components should prioritize this advisory.

How it could be exploited

An attacker with network access to port 502/TCP can send specially crafted Modbus packets to trigger a denial-of-service condition on vulnerable controllers. No authentication or special credentials are required; the attacker only needs to reach the device over the network.

Prerequisites

Network access to port 502/TCP (Modbus protocol)
Device is reachable from attacker's network or the Internet if not firewalled
Target is running vulnerable firmware version

remotely exploitableno authentication requiredlow complexityaffects availability of critical infrastructuredefault network exposure on port 502Quantum controllers are end-of-life with no patch available

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

Modicon M340: Firmware< 3.012.80

Modicon Quantum: all versionsAll versions2.80

Modicon Premium: all versionsAll versions2.80

Modicon M580: Firmware< 2.802.80

Remediation & Mitigation

0/7

Do now

0/2

WORKAROUNDImplement firewall rules to block all unauthorized access to port 502/TCP

HARDENINGEnsure all controllers are kept in locked cabinets and not left in Program mode

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Modicon M340 firmware to version 3.01 or later

HOTFIXUpdate Modicon M580 firmware to version 2.80 or later

HOTFIXMigrate Modicon Quantum controllers to Modicon M580 ePAC (end-of-life product)

Long-term hardening

0/2

HARDENINGImplement network segmentation to isolate control system networks from business network

HARDENINGScan all removable media (USB drives, CDs) before connecting to control networks

CVEs (1)

CVE-2019-6819

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/94d0811b-fcf8-48da-97b1-57bb9f731818

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.