Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers

Plan PatchCVSS 7.5ICS-CERT ICSA-23-201-01Jan 10, 2023

Schneider ElectricEnergyManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionRequired

Summary

Multiple Schneider Electric Modicon PLC and EcoStruxure product families are vulnerable to unauthorized access, arbitrary code execution, and denial-of-service attacks through unspecified mechanisms. Affected products include EcoStruxure Control Expert and Process Expert software, Modicon M340, M580, MC80, Momentum Unity M1E, and legacy Quantum and Premium CPUs. The vulnerability affects versions before specified fixed releases.

What this means

What could happen

An attacker could gain unauthorized control of your Modicon PLCs or engineering workstations, executing arbitrary commands that alter process setpoints, disable safety interlocks, or halt critical operations. This poses a direct threat to plant availability and process safety.

Who's at risk

Energy utilities and manufacturing plants operating Modicon M340, M580, MC80, Momentum M1E, Quantum, and Premium CPUs should prioritize this advisory. Organizations using EcoStruxure Control Expert or Process Expert for PLC programming and management are also at risk. This affects legacy and current-generation Schneider Electric PLC infrastructure commonly found in water treatment, power distribution, and industrial process automation.

How it could be exploited

An attacker with network access to an affected Modicon PLC or EcoStruxure workstation could exploit this vulnerability to execute arbitrary code on the device. The attack may require user interaction (e.g., opening a malicious file on an engineering workstation) but would grant direct control over the PLC's logic and outputs.

Prerequisites

Network access to the affected PLC or engineering workstation
For EcoStruxure products: potentially user interaction such as opening a malicious file or attachment

remotely exploitableaffects industrial control systemsno patch available for legacy Modicon MC80 and M580 Safety variantsaffects multiple PLC families across product linesarbitrary code execution capability

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (17)

12 with fix1 pending4 EOL

ProductAffected VersionsFix Status

EcoStruxure™ Control Expert≤ 15.215.3

EcoStruxure™ Process Expert All VersionsAll versionsNo fix yet

Modicon M340 CPU<SV3.51SV3.51

Modicon M580 CPU≤ SV4.104.10

Modicon M580 CPU Safety (BMEP58*S and BMEH58*S)<SV4.21SV4.21

Remediation & Mitigation

0/7

Do now

0/2

Modicon MC80

HARDENINGIsolate Modicon MC80, Modicon M580 Safety variants, legacy Quantum, and Premium CPUs on a segmented network with restricted access controls until patches or replacement equipment becomes available

All products

HARDENINGMonitor network access logs for unauthorized connections to affected PLCs and engineering workstations

Schedule — requires maintenance window

0/5

Patching may require device reboot — plan for process interruption

Modicon M340 CPU

HOTFIXUpgrade Modicon M340 CPU firmware to SV3.51 or later

Modicon M580 CPU

HOTFIXUpgrade Modicon M580 CPU firmware to SV4.10 or later

Modicon Momentum Unity M1E Processor

HOTFIXUpgrade Modicon Momentum Unity M1E Processor firmware to SV2.6 or later

All products

HOTFIXUpgrade EcoStruxure Control Expert to version 15.3 or later

HOTFIXUpgrade EcoStruxure Process Expert to version V2021 or later

CVEs (1)

CVE-2022-45788

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/aadebc24-29a4-45d6-a36f-47ed5be23644

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.