Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers

Plan Patch7.5ICS-CERT ICSA-23-201-01Jul 20, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionRequired

Summary

Multiple Schneider Electric Modicon PLC and EcoStruxure product families are vulnerable to unauthorized access, arbitrary code execution, and denial-of-service attacks through unspecified mechanisms. Affected products include EcoStruxure Control Expert and Process Expert software, Modicon M340, M580, MC80, Momentum Unity M1E, and legacy Quantum and Premium CPUs. The vulnerability affects versions before specified fixed releases.

What this means

What could happen

An attacker could gain unauthorized control of your Modicon PLCs or engineering workstations, executing arbitrary commands that alter process setpoints, disable safety interlocks, or halt critical operations. This poses a direct threat to plant availability and process safety.

Who's at risk

Energy utilities and manufacturing plants operating Modicon M340, M580, MC80, Momentum M1E, Quantum, and Premium CPUs should prioritize this advisory. Organizations using EcoStruxure Control Expert or Process Expert for PLC programming and management are also at risk. This affects legacy and current-generation Schneider Electric PLC infrastructure commonly found in water treatment, power distribution, and industrial process automation.

How it could be exploited

An attacker with network access to an affected Modicon PLC or EcoStruxure workstation could exploit this vulnerability to execute arbitrary code on the device. The attack may require user interaction (e.g., opening a malicious file on an engineering workstation) but would grant direct control over the PLC's logic and outputs.

Prerequisites

Network access to the affected PLC or engineering workstation
For EcoStruxure products: potentially user interaction such as opening a malicious file or attachment

remotely exploitableaffects industrial control systemsno patch available for legacy Modicon MC80 and M580 Safety variantsaffects multiple PLC families across product linesarbitrary code execution capability

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (8)

6 with fix2 EOL

ProductAffected VersionsFix Status

EcoStruxure Control Expert: < 15.3< 15.315.3

Modicon M340 CPU (part numbers BMXP34*): < SV3.51< SV3.51SV3.51

Modicon M580 CPU (part numbers BMEP* and BMEH*): < SV4.10< SV4.10SV4.10

Modicon Momentum Unity M1E Processor (part numbers 171CBU*): < SV2.6< SV2.6SV2.6

Modicon MC80 CPU (part numbers BMKC80*): *All versionsNo fix (EOL)

Legacy Modicon Quantum (part numbers 140CPU65*) and Premium CPUs (part numbers TSXP57*): *All versionsNo fix (EOL)

EcoStruxure Process Expert: <= 2020≤ 2020V2021

Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S): *All versionsSV4.10

Remediation & Mitigation

0/7

Do now

0/2

HARDENINGIsolate Modicon MC80, Modicon M580 Safety variants, legacy Quantum, and Premium CPUs on a segmented network with restricted access controls until patches or replacement equipment becomes available

HARDENINGMonitor network access logs for unauthorized connections to affected PLCs and engineering workstations

Schedule — requires maintenance window

0/5

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade EcoStruxure Control Expert to version 15.3 or later

HOTFIXUpgrade EcoStruxure Process Expert to version V2021 or later

HOTFIXUpgrade Modicon M340 CPU firmware to SV3.51 or later

HOTFIXUpgrade Modicon M580 CPU firmware to SV4.10 or later

HOTFIXUpgrade Modicon Momentum Unity M1E Processor firmware to SV2.6 or later

CVEs (1)

CVE-2022-45788

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/aadebc24-29a4-45d6-a36f-47ed5be23644