Schneider Electric Modicon X80
Monitor | 5.3 | ICS-CERT ICSA-21-159-05 | Jun 8, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Schneider Electric Modicon X80 BMXNOR0200H RTU contains an information disclosure vulnerability in its web server. An unauthenticated remote attacker can access the web interface on HTTP port 80/TCP to retrieve sensitive information about network architecture and device configuration. The web access service is disabled by default. No vendor patch is available; mitigation relies on disabling the service when not needed, changing default credentials, and applying network segmentation controls.
What this means
What could happen
An attacker with network access to the device can read sensitive information about the network architecture without authentication. This disclosure could help an attacker plan a more targeted attack against your plant or utility systems.
Who's at risk
Water utilities and municipal electric systems relying on Modicon X80 BMXNOR0200H RTUs for remote terminal units and I/O control should assess whether their devices have HTTP web access enabled and exposed to the network.
How it could be exploited
An attacker reaches the Modicon X80's web server on port 80/TCP from the network and retrieves information about the device configuration and network layout without providing credentials. This information disclosure does not allow command execution or process control but reveals infrastructure details that support further attacks.
Prerequisites
- Network access to HTTP port 80/TCP on the Modicon X80 controller
- Web access service must be enabled (disabled by default, but enabled if needed for maintenance)
remotely exploitable | no authentication required | low complexity | no patch available | information disclosure (not safety-critical but aids reconnaissance)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
Modicon X80 BMXNOR0200H RTU: SV1.70 IR22 and prior | ≤ SV1.70 IR22 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Disable the web (HTTP) service via EcoStruxure Control Expert when not actively performing maintenance or configuration
HARDENING: Change the default password for HTTP web server access using the Security link on the Setup page
HARDENING: Implement firewall rules to block all unauthorized access to HTTP port 80/TCP on Modicon X80 controllers
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Configure Access Control Lists on any BMXNOC modules following Schneider Electric's Modicon Controllers Platform Cyber Security Reference Manual
Mitigations - no patch available
Modicon X80 BMXNOR0200H RTU: SV1.70 IR22 and prior has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate the control system network from business network and internet; place devices behind firewalls and avoid internet-facing exposure
CVEs (1)
API:
/api/v1/advisories/1c65bd9a-cdd0-4baa-b15b-dbba8d4feabb