Schneider Electric Modicon M340 and BMXNOE0100/0110, BMXNOR0200H

Plan Patch | CVSS 8.6 | ICS-CERT ICSA-25-035-06 | Jan 14, 2025
Schneider Electric | Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A vulnerability exists in the web server component of Schneider Electric Modicon M340 programmable automation controllers and associated communication modules (BMXNOE0100, BMXNOE0110, BMXNOR0200H). The vulnerability allows unauthenticated attackers on the network to read, modify, or delete web pages served by these devices and potentially cause denial of service. The Modicon M340 is widely used in energy sector automation; the communication modules enable Modbus/TCP and RTU protocol communication. Exploitation could result in information disclosure, web content manipulation, or unavailability of the controller's web interface, disrupting remote monitoring and operational visibility.

What this means
What could happen
An unauthenticated attacker on the network can read, modify, or delete web pages served by the M340 controller or network modules, or cause the controller to become unresponsive, disrupting remote monitoring and control of critical infrastructure.
Who's at risk
Energy utilities and other critical infrastructure operators using Schneider Electric Modicon M340 programmable automation controllers with BMXNOE0100/0110 Modbus/TCP Ethernet modules or BMXNOR0200H Ethernet/Serial RTU modules should assess their deployment. The M340 is commonly used in power generation, distribution, and control applications where web-based monitoring and remote diagnostics are enabled.
How it could be exploited
An attacker sends a specially crafted HTTP request to the web server running on the affected Modicon M340 processor or communication module (BMXNOE0100/0110 or BMXNOR0200H) over the network. No credentials are required. The vulnerability allows the attacker to access, modify, or delete web content and potentially deny service to the web interface.
Prerequisites
  • Network connectivity to the HTTP port on the affected Modicon M340 processor or communication module
  • No authentication required
remotely exploitable, no authentication required, low complexity, affects critical infrastructure control systems
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (4)
3 with fix, 1 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| Modicon M340 processors | All versions | No fix (EOL) |
| Modbus/TCP Ethernet Modicon M340 module | <SV3.60 | SV3.60 |
| Modbus/TCP Ethernet Modicon M340 FactoryCast module | <SV6.80 | SV6.80 |
| Ethernet / Serial RTU module | <SV1.70IR26 | SV1.70IR26 |

Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to HTTP/HTTPS ports on Modicon M340 processors and communication modules to trusted engineering workstations and SCADA servers only, using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update BMXNOE0100 (Modbus/TCP Ethernet module) to firmware version SV3.60 or later
HOTFIX: Update BMXNOE0110 (FactoryCast Ethernet module) to firmware version SV6.80 or later
HOTFIX: Update BMXNOR0200H (Ethernet/Serial RTU module) to firmware version SV1.70IR26 or later
Mitigations - no patch available
All versions of Modicon M340 processors have reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate Modicon M340 systems and communication modules on a separate OT network segment with restricted access to/from IT networks
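
Added example (not part of the advisory and not vendor tooling): a Python triage of an asset inventory against the fixed firmware levels listed in the remediation steps. The inventory rows, the `M340-CPU` label for processors, and the numeric ordering of `SVx.yy[IRzz]` version strings are assumptions.

```python
import re

# Minimum fixed firmware per module, from the advisory's remediation list.
FIXED = {"BMXNOE0100": "SV3.60", "BMXNOE0110": "SV6.80", "BMXNOR0200H": "SV1.70IR26"}
# Constructed inventory label for any M340 processor (no fix, end of life).
EOL_MODELS = {"M340-CPU"}

_VERSION = re.compile(r"^SV(\d+)\.(\d+)(?:IR(\d+))?$", re.IGNORECASE)


def parse_sv(text):
    """Return (major, minor, ir) or None when the string is not SVx.yy[IRzz].

    Assumption: fields compare numerically and a missing IR suffix sorts as 0.
    """
    m = _VERSION.match(text.strip().replace(" ", ""))
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def triage(model, firmware):
    """Classify one asset as 'isolate', 'update', 'ok', 'verify' or 'not-listed'."""
    model = model.strip().upper()
    if model in EOL_MODELS:
        return "isolate"      # EOL: compensating controls only
    if model not in FIXED:
        return "not-listed"   # model is not named in the advisory
    have = parse_sv(firmware)
    if have is None:
        return "verify"       # unreadable version: check the device by hand
    return "ok" if have >= parse_sv(FIXED[model]) else "update"


# Constructed inventory rows (name, model, firmware) for illustration only.
INVENTORY = [
    ("substation-a-cpu", "M340-CPU", "SV3.20"),
    ("substation-a-noe", "BMXNOE0100", "SV3.50"),
    ("substation-b-noe", "bmxnoe0110", "sv6.80"),
    ("pump-rtu-1", "BMXNOR0200H", "SV1.70IR24"),
    ("pump-rtu-2", "BMXNOR0200H", "SV1.70 IR26"),
    ("lab-noe", "BMXNOE0100", "3.6"),
]


def report(rows=INVENTORY):
    """Map each asset name to its triage status."""
    return {name: triage(model, fw) for name, model, fw in rows}
```

Assets reported as `verify` have a firmware string the parser cannot read, so they are confirmed on the device instead of being assumed patched.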