Schneider Electric communication modules for Modicon M580 and Quantum controllers (Update B)
Plan Patch | CVSS 9.8 | ICS-CERT ICSA-25-058-01 | Jan 14, 2025
Schneider Electric | Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A stack overflow vulnerability exists in Schneider Electric communication modules used with Modicon M580 and Quantum programmable logic controllers. The vulnerability allows remote attackers to cause loss of confidentiality, integrity, and availability of the affected devices without authentication. The following modules are affected: BMENOC0321, BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, and 140CRA31908. Schneider Electric has released patched firmware versions for all affected modules.
What this means
What could happen
An attacker could exploit a stack overflow in communication modules used with Modicon M580 and Quantum controllers, potentially gaining remote code execution to alter process logic, manipulate setpoints, or force shutdown of critical control systems.
Who's at risk
Operators of Modicon M580 and Quantum programmable logic controllers (PLCs) using communication modules for remote monitoring or data exchange. Primarily affects energy sector organizations managing power generation, distribution, or facility automation where these controllers are deployed.
How it could be exploited
An attacker with network access to a vulnerable communication module could send a specially crafted message that triggers a stack overflow. This would allow the attacker to inject and execute arbitrary code on the controller, compromising the integrity of industrial processes and safety systems.
Prerequisites
- Network access to the communication module port
- No authentication required
- Module running vulnerable firmware version
Tags: remotely exploitable, no authentication required, low complexity, native OT equipment, critical CVSS (9.8), affects process control integrity
Exploitability
Unlikely to be exploited — EPSS score 0.7%
Affected products (12)
12 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| Modicon M580 communication modules BMENOC0321 | <SV1.10 | SV1.10 |
| Modicon M580 communication modules BMECRA31210 | <SV02.80 | SV02.80 |
| Modicon M580/Quantum communication modules BMXCRA31200 | <SV02.80 | SV02.80 |
| Modicon M580/Quantum communication modules BMXCRA31210 | <SV02.80 | SV02.80 |
| Modicon Quantum communication modules 140CRA31200 | <02.80 | 02.80 |
| Modicon Quantum communication module 140CRA31908 | <02.80 | 02.80 |
| Modicon M580 communication modules BMENOC BMENOC0321: <SV1.10 | <SV1.10 | SV1.10 |
| Modicon M580 communication modules BMECRA BMECRA31210: <SV02.80 | <SV02.80 | SV02.80 |
Remediation & Mitigation
Do now
- HARDENING: Isolate M580 and Quantum controller networks from business networks with firewalls
- WORKAROUND: Restrict network access to communication modules—allow only authorized engineering workstations and exclude Internet-facing connections
- HARDENING: Place all controllers in locked cabinets and ensure they are not left in Program mode
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
140CRA31200 (Quantum RIO Drop) 140CRA31200: <V02.80
- HOTFIX: Update 140CRA31200 (Quantum RIO Drop) to firmware version V02.80 or later
140CRA31908 (M580 Quantum S908 RIO Drop Adapter) 140CRA31908: <V02.80
- HOTFIX: Update 140CRA31908 (M580 Quantum S908 RIO Drop Adapter) to firmware version V02.80 or later
All products
- HOTFIX: Update BMENOC0321 module to firmware version SV1.10 or later
- HOTFIX: Update BMECRA31210, BMXCRA31200, and BMXCRA31210 modules to firmware version SV02.80 or later
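To scope the patching work, an asset inventory can be compared against the fixed versions listed above. The following is an added example, not part of the advisory or any Schneider Electric tooling; the CSV layout, asset names and sample firmware strings are constructed, and it assumes firmware strings have the form "SV02.80", "V02.80" or "02.80".

```python
import csv
import io
import re

# Fixed firmware versions, copied from the advisory's affected-products table.
FIXED = {
    "BMENOC0321": "SV1.10",
    "BMECRA31210": "SV02.80",
    "BMXCRA31200": "SV02.80",
    "BMXCRA31210": "SV02.80",
    "140CRA31200": "02.80",
    "140CRA31908": "02.80",
}

# Optional SV/V prefix, then major.minor; the minor part must be two digits.
_VER = re.compile(r"^(?:SV|V)?(\d+)\.(\d{2})$", re.IGNORECASE)

def parse(version):
    # Assumption: a one-digit minor ("SV2.8") is ambiguous (2.08 or 2.80?),
    # so it is rejected instead of guessed and must be checked by hand.
    m = _VER.match(version.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None

def status(model, version):
    """Classify one module as PATCHED, VULNERABLE, UNKNOWN or NOT_LISTED."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "NOT_LISTED"  # model is not in this advisory's table
    have = parse(version)
    if have is None:
        return "UNKNOWN"     # unreadable version: treat as unpatched
    return "PATCHED" if have >= parse(fixed) else "VULNERABLE"

def triage(csv_text):
    """Map each asset in an inventory CSV (asset,model,firmware) to a status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["asset"]: status(r["model"], r["firmware"]) for r in rows}

# Constructed sample inventory; asset names and versions are made up.
SAMPLE = """asset,model,firmware
rio-drop-01,140CRA31200,V02.70
noc-east,BMENOC0321,SV1.10
cra-pump-3,BMXCRA31210,sv02.80
cra-line-2,BMECRA31210,SV2.8
other-dev,EXAMPLE-MODEL,SV1.00
"""

if __name__ == "__main__":
    for asset, state in triage(SAMPLE).items():
        print(f"{asset}: {state}")
```

Assets reported as VULNERABLE or UNKNOWN belong on the maintenance-window list; NOT_LISTED only means the model is absent from this advisory's table.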
CVEs (1)