OTPulse

Schneider Electric Modicon M340, MC80, and Momentum Unity M1E

Monitor | CVSS 7.5 | ICS-CERT ICSA-24-326-03 | Nov 12, 2024
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: Required
Summary

Schneider Electric Modicon PAC controllers (M340, MC80, Momentum Unity M1E) contain multiple vulnerabilities allowing unauthorized access. An attacker with network access could compromise the controller and cause denial of service or loss of data confidentiality and integrity. No vendor patches are available for any affected product version. Mitigation requires network isolation, physical security, and operational controls.

What this means
What could happen
An attacker could gain unauthorized access to Modicon controllers and deny service, or modify process parameters without detection. This could stop production or cause equipment damage.
Who's at risk
Energy and manufacturing operators running Modicon M340, MC80, or Momentum Unity M1E processors should assess their exposure. These controllers are used in power generation, water systems, and manufacturing automation to manage critical processes. Utilities and industrial plants with these controllers on networked systems are at risk.
How it could be exploited
An attacker on the same network as the controller (or with remote access) could exploit the vulnerability to authenticate and execute commands. The attack requires user interaction (CVSS AV:N, AC:H, UI:R), suggesting it may involve social engineering or a user action to trigger the vulnerability.
Prerequisites
  • Network access to the Modicon controller (direct or via remote access)
  • User interaction may be required to trigger the vulnerability
  • Controller not behind additional firewall or network segmentation controls
remotely exploitable · no patch available · affects industrial control operations · user interaction required
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
3 pending, 1 EOL
Product | Affected Versions | Fix Status
Modicon Momentum Unity M1E Processor (171CBU*) All Version | All versions | No fix (EOL)
Modicon M340 CPU (part numbers BMXP34*) All Version | All versions | No fix yet
Modicon MC80 (part numbers BMKC80) All Version | All versions | No fix yet
Modicon M340 CPU (part numbers BMXP34*) All | ≥ SV3.60 | No fix yet
Remediation & Mitigation
Do now
  • HARDENING: Install physical access controls; place controllers in locked cabinets and disable Program mode
  • HARDENING: Never connect programming software to networks other than the intended controller network
  • WORKAROUND: Scan USB drives, CDs, and other removable media before connecting to isolated control networks
  • HARDENING: Prevent mobile devices connected to other networks from accessing control networks without sanitation
Mitigations - no patch available
Modicon Momentum Unity M1E Processor (171CBU*) All Version has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Isolate control system networks behind firewalls from business networks
  • HARDENING: Minimize network exposure; ensure controllers are not accessible from the Internet
  • HARDENING: If remote access is required, use VPNs with current security updates and network segmentation