OTPulse

Schneider Electric Web Designer for Modicon

Monitor | 7.8 | ICS-CERT ICSA-25-035-05 | Feb 4, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Web Designer for Modicon M340 communication modules contains an XML external entity (XXE) vulnerability in how project configuration files are parsed. The vulnerability allows unauthorized disclosure of sensitive information, modification of controller configurations, and potential remote code execution if a user opens a malicious project file. All versions of Web Designer are affected for modules BMXNOR0200H, BMXNOE0110(H), BMENOC0311(C), and BMENOC0321(C). Schneider Electric has not released a patch and instead recommends file integrity controls, encryption, secure file transfer, and network segmentation as compensating measures.

What this means
What could happen
An attacker with access to a project configuration file could modify Modicon controller settings, causing incorrect process behavior, operational disruptions, or loss of safety system functionality. The vulnerability also exposes sensitive configuration and credentials stored in the XML project files.
Who's at risk
Energy utilities using Schneider Electric Modicon M340 controllers with communication modules (BMXNOR0200H, BMXNOE0110(H), BMENOC0311(C), BMENOC0321(C)) for process automation or safety-critical functions. This affects engineering teams and operations staff who create or receive Web Designer project configuration files.
How it could be exploited
An attacker must obtain the XML project file through social engineering (email attachment), removable media, or network interception during file transfer. They can then modify the file to inject malicious configuration or extract sensitive data, and trick an engineer into opening the corrupted file on their engineering workstation. The compromised workstation could then be used to reprogram the PLC or spread malware across the control network.
Prerequisites
  • Access to the Web Designer project file (XML) – typically via email, USB, or network share
  • User action required – engineer must open the malicious project file
  • The file is not signed or validated for authenticity
  • No requirement for authentication to the engineering workstation if attacker can drop file locally
  • No authentication required to open malicious project files
  • Low complexity attack – requires only file modification and social engineering
  • No patch available – vendor recommends compensating controls only
  • Affects both industrial control systems and safety system configurations
  • Sensitive data (credentials, process setpoints) stored unencrypted in XML files
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (4)
4 EOL
Product | Affected Versions | Fix Status
Web Designer for BMXNOR0200H: vers:all/* | All versions | No fix (EOL)
Web Designer for BMXNOE0110(H): vers:all/* | All versions | No fix (EOL)
Web Designer for BMENOC0311(C): vers:all/* | All versions | No fix (EOL)
Web Designer for BMENOC0321(C): vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Encrypt Web Designer project files (XML configuration) when stored and restrict access to trusted users only
  • HARDENING: Use secure file transfer protocols (SFTP, TLS) when exchanging project files over the network instead of unencrypted methods
  • HARDENING: Establish a policy to only open Web Designer project files received from verified trusted sources; implement a review/approval process for external files
  • WORKAROUND: Compute and regularly verify cryptographic hashes (SHA-256) of project files to detect unauthorized modifications before use
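Added example (not part of the advisory or of Schneider Electric's tooling): a pre-open check that implements the SHA-256 workaround above and also flags DTD declarations, which an XXE payload needs and a plain configuration file does not. The manifest layout, file names and sample XML are constructed assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# DTD markers: an XXE payload needs them, a plain configuration file does not.
DTD_MARKERS = re.compile(r"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)

def decode_xml(raw: bytes) -> str:
    """Decode by byte-order mark so a UTF-16 file cannot hide markers from the scan."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def check_project_file(path: Path, manifest: dict[str, str]) -> list[str]:
    """Return reasons NOT to open the file; an empty list means both checks passed."""
    raw = path.read_bytes()
    findings = []
    expected = manifest.get(path.name)  # hash recorded when the file was approved
    if expected is None:
        findings.append("not in approved manifest")
    elif hashlib.sha256(raw).hexdigest() != expected:
        findings.append("SHA-256 mismatch: modified since approval")
    markers = {m.group(1).upper() for m in DTD_MARKERS.finditer(decode_xml(raw))}
    findings += [f"contains <!{name} declaration" for name in sorted(markers)]
    return findings

def demo() -> dict[str, list[str]]:
    """Run the check over constructed sample files (not real Web Designer projects)."""
    clean = b'<?xml version="1.0"?>\n<project><module name="NOE"/></project>\n'
    # Constructed tampered copy: a DTD with an external entity was added.
    tampered = (b'<?xml version="1.0"?>\n'
                b'<!DOCTYPE project [<!ENTITY x SYSTEM "file:///placeholder">]>\n'
                b'<project><module name="&x;"/></project>\n')
    manifest = {"site_a.xml": hashlib.sha256(clean).hexdigest()}
    cases = [("approved", "site_a.xml", clean),
             ("tampered", "site_a.xml", tampered),
             ("unknown", "site_b.xml", clean),
             ("utf16", "site_a.xml", tampered.decode().encode("utf-16"))]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, name, body in cases:
            path = Path(tmp) / name
            path.write_bytes(body)
            results[label] = check_project_file(path, manifest)
    return results

if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, "->", findings or "OK to open")
```

The manifest itself has to be stored and transferred separately from the project files, otherwise whoever can modify a file can also update its recorded hash.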
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Web Designer for BMXNOR0200H: vers:all/*, Web Designer for BMXNOE0110(H): vers:all/*, Web Designer for BMENOC0311(C): vers:all/*, Web Designer for BMENOC0321(C): vers:all/*. Apply the following compensating controls:
  • HARDENING: Isolate Web Designer and other engineering workstations from the business network using firewalls and air-gapping where feasible
  • HARDENING: Scan all removable media (USB drives, CDs) with antivirus before connecting to any control system network
  • HARDENING: Prohibit engineering workstations from connecting to untrusted networks; enforce clean-media policy for devices that move between networks