Schneider Electric Modicon M340, MC80, and Momentum Unity M1E
MonitorCVSS 7.5ICS-CERT ICSA-24-326-03Nov 12, 2024
Schneider ElectricEnergyManufacturing
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionRequired
Summary
Schneider Electric Modicon M340, MC80, and Momentum Unity M1E controllers contain multiple vulnerabilities related to authentication and validation. These PAC (Programmable Automation Controller) products are used to control and monitor industrial operations across energy and manufacturing sectors. The vulnerabilities could allow unauthorized access, resulting in denial of service, loss of confidentiality, and modification of controller integrity. No patches are available from Schneider Electric for affected versions; all products are either end-of-life or will not receive firmware updates.
What this means
What could happen
An attacker with network access to these controllers could execute arbitrary code, stop production operations, or modify process parameters without authorization. These products control and monitor critical industrial operations in energy and manufacturing.
Who's at risk
This affects energy and manufacturing organizations operating Schneider Electric Modicon M340, MC80, or Momentum Unity M1E programmable automation controllers (PACs). These devices are typically found in power distribution, water treatment, and manufacturing process control systems. End-of-life or legacy Modicon controllers are particularly at risk since no vendor patches are available.
How it could be exploited
An attacker with network access to a Modicon M340, MC80, or Momentum Unity M1E controller could exploit authentication or validation flaws to send malicious commands to the device. This requires the attacker to reach the controller on its network port, but Schneider Electric has not disclosed specific technical details about the vulnerability mechanism.
Prerequisites
- Network reachability to the controller's management or programming port
- No patch is available from the vendor—products are end-of-life or unpatched
remotely exploitableno patch availableaffects safety and control systemsnetwork isolation bypass possible if connected to business network
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (4)
3 pending1 EOL
ProductAffected VersionsFix Status
Modicon Momentum Unity M1E Processor (171CBU*) All VersionAll versionsNo fix (EOL)
Modicon M340 CPU (part numbers BMXP34*) All VersionAll versionsNo fix yet
Modicon MC80 (part numbers BMKC80) All VersionAll versionsNo fix yet
Modicon M340 CPU (part numbers BMXP34*) All≥ SV3.60No fix yet
Remediation & Mitigation
0/6
Do now
0/5HARDENINGIsolate Modicon M340, MC80, and Momentum Unity M1E controllers from the business network using a firewall and air-gap them from Internet-facing systems
HARDENINGRestrict network access to controller management and programming ports to authorized engineering workstations only using firewall rules
HARDENINGPlace all controllers in locked cabinets and ensure they are never left in 'Program' mode when not actively being programmed
HARDENINGNever connect programming software or engineering workstations to networks other than the isolated control network where the controller resides
HARDENINGScan all removable media (USB drives, CDs) for malware before connecting them to any controller or node on the control network
Mitigations - no patch available
0/1Modicon Momentum Unity M1E Processor (171CBU*) All Version has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGIf remote access to controllers is required, deploy a VPN with strong authentication and keep it updated to the latest version; regularly audit VPN access logs
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/500d6766-af26-4ef2-9e11-313131c6da06Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.