Schneider Electric Modicon M340, MC80, and Momentum Unity M1E (Update B)

Plan Patch | CVSS 8.1 | ICS-CERT ICSA-24-326-04 | Nov 12, 2024
Schneider Electric | Energy | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Multiple vulnerabilities exist in Schneider Electric Modicon PAC controllers (M340, MC80, Momentum M1E) that result from improper input validation (CWE-20) and memory handling errors (CWE-119). These flaws allow remote, unauthenticated attackers to achieve code execution on the controller, potentially enabling denial of service, unauthorized process modification, and loss of system confidentiality and integrity. Modicon controllers are used to monitor and control critical industrial operations. Schneider Electric has released firmware patches for all three affected product lines as of January 2026.

What this means
What could happen
An attacker with network access to the controller could exploit input validation or memory handling flaws to execute unauthorized commands, potentially altering setpoints, stopping critical processes, or causing loss of visibility into plant operations. This affects availability, confidentiality, and integrity of the control system.
Who's at risk
Power generation and distribution facilities, manufacturing plants, and process control operations using Modicon M340, MC80, or Momentum M1E controllers. These are programmable logic controllers (PLCs) used to monitor and control critical industrial processes including power generation, water treatment, chemical processing, and manufacturing lines.
How it could be exploited
An attacker on the network sends a specially crafted input to the controller's network interface that bypasses input validation (CWE-20) or triggers a memory handling error (CWE-119). This allows remote code execution on the CPU controller without requiring authentication, enabling direct modification of process parameters or operational shutdown.
Prerequisites
  • Network access to the controller's Ethernet interface or industrial protocol port
  • No authentication required
  • Controller running vulnerable firmware version (Modicon M340 < SV3.65, MC80 < SV2.1, Momentum M1E < SV2.80)
Remotely exploitable | No authentication required | Input validation and memory handling flaws | Affects safety and availability systems | High CVSS score (8.1)
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
Modicon M340 CPU Controller (part numbers BMXP34*) | < SV3.65 | SV3.65
Modicon MC80 Controller (part numbers BMKC80) | < SV2.1 | SV2.1
Modicon Momentum Unity M1E Processor Controller (171CBU*) | < SV2.80 | SV2.80
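
An added example (not part of the advisory and not Schneider Electric tooling): one way to triage an asset inventory against the affected-products list. The inventory rows and host names are constructed, prefix matching on BMKC80 is an assumption, and a version whose minor field has a different digit count than the fix version is flagged for manual review instead of being compared.

```python
import re
from fnmatch import fnmatchcase

# Part-number pattern, product, first fixed firmware (from the advisory).
# Assumption: BMKC80 is treated as a prefix, like the other two entries.
FIXED = [
    ("BMXP34*", "Modicon M340", "SV3.65"),
    ("BMKC80*", "Modicon MC80", "SV2.1"),
    ("171CBU*", "Modicon Momentum Unity M1E", "SV2.80"),
]

def parse_version(text):
    """Return (major, minor, minor_digit_count) from 'SV3.65', 'V3.65' or '3.65'."""
    m = re.fullmatch(r"\s*(?:SV|V)?\s*(\d+)\.(\d+)\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2)), len(m.group(2))

def assess(part_number, firmware):
    """Classify a controller as VULNERABLE, FIXED, REVIEW or NOT_AFFECTED."""
    for pattern, _product, fixed in FIXED:
        if not fnmatchcase(part_number.upper(), pattern):
            continue
        try:
            major, minor, width = parse_version(firmware)
        except ValueError:
            return "REVIEW"  # unreadable version: a person must check the device
        f_major, f_minor, f_width = parse_version(fixed)
        if major != f_major:
            return "VULNERABLE" if major < f_major else "FIXED"
        if width != f_width:
            # e.g. '2.05' vs 'SV2.1': decimal and dotted readings disagree
            return "REVIEW"
        return "VULNERABLE" if minor < f_minor else "FIXED"
    return "NOT_AFFECTED"

# Constructed sample inventory: (asset name, part number, reported firmware).
INVENTORY = [
    ("plc-turbine-01", "BMXP342020", "SV3.20"),
    ("plc-line-02", "BMXP342020", "SV3.65"),
    ("plc-pump-03", "BMKC8020301", "V1.90"),
    ("plc-pump-04", "BMKC8020301", "2.05"),
    ("plc-mix-05", "171CBU98090", "SV2.80"),
    ("hmi-panel-06", "XYZ1234", "SV1.0"),  # hypothetical unaffected device
]

def triage(inventory):
    return {name: assess(part, fw) for name, part, fw in inventory}

if __name__ == "__main__":
    for name, status in triage(INVENTORY).items():
        print(f"{name:15} {status}")
```
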
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the controller Ethernet port to only authorized engineering workstations and SCADA servers using firewall rules or network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Modicon M340 CPU Controller firmware to version SV3.65 or later
HOTFIX: Update Modicon MC80 Controller firmware to version SV2.1 or later
HOTFIX: Update Modicon Momentum Unity M1E Processor Controller firmware to version SV2.80 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate the PLC network from general IT and internet-connected networks