OTPulse
FeedAboutContact

Schneider Electric Modicon Controllers

Plan Patch7.5ICS-CERT ICSA-19-183-01Jul 2, 2019
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A denial-of-service vulnerability exists in Schneider Electric Modicon controllers (M340, M580, Quantum, Premium). An attacker can send malformed Modbus packets to port 502/TCP, causing the controller to stop responding and interrupt critical operations. The vulnerability requires only network access—no credentials or special privileges. Modicon M340 is fixed in firmware version 3.01, M580 in version 2.80. Modicon Quantum controllers are end-of-life and will not receive a patch; users should migrate to M580 ePAC. Modicon Premium version status is unclear in the advisory text.

What this means
What could happen
An attacker could cause Modicon controllers to become unresponsive, interrupting water treatment, distribution, or power generation operations. Recovery requires manual intervention and potential device restart.
Who's at risk
Water utilities and electric utilities operating Schneider Electric Modicon M340, M580, Quantum, or Premium controllers. These are programmable logic controllers (PLCs) that directly control water treatment, pumping, and power distribution operations. Any organization using these as SCADA components should prioritize this advisory.
How it could be exploited
An attacker with network access to port 502/TCP can send specially crafted Modbus packets to trigger a denial-of-service condition on vulnerable controllers. No authentication or special credentials are required; the attacker only needs to reach the device over the network.
Prerequisites
  • Network access to port 502/TCP (Modbus protocol)
  • Device is reachable from attacker's network or the Internet if not firewalled
  • Target is running vulnerable firmware version
remotely exploitableno authentication requiredlow complexityaffects availability of critical infrastructuredefault network exposure on port 502Quantum controllers are end-of-life with no patch available
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (4)
4 with fix
ProductAffected VersionsFix Status
Modicon M340: Firmware< 3.012.80
Modicon Quantum: all versionsAll versions2.80
Modicon Premium: all versionsAll versions2.80
Modicon M580: Firmware< 2.802.80
Remediation & Mitigation
0/7
Do now
0/2
WORKAROUNDImplement firewall rules to block all unauthorized access to port 502/TCP
HARDENINGEnsure all controllers are kept in locked cabinets and not left in Program mode
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Modicon M340 firmware to version 3.01 or later
HOTFIXUpdate Modicon M580 firmware to version 2.80 or later
HOTFIXMigrate Modicon Quantum controllers to Modicon M580 ePAC (end-of-life product)
Long-term hardening
0/2
HARDENINGImplement network segmentation to isolate control system networks from business network
HARDENINGScan all removable media (USB drives, CDs) before connecting to control networks
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/94d0811b-fcf8-48da-97b1-57bb9f731818
Schneider Electric Modicon Controllers | CVSS 7.5 - OTPulse