OTPulse

Modicon Controllers

Act Now | 10 | SEVD-2019-134-11 | May 14, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed

Summary

Schneider Electric Modicon Controllers contain multiple vulnerabilities that could allow remote execution of unsolicited commands on programmable logic controllers (PLCs). The vulnerabilities span authentication, input validation, and information disclosure mechanisms across Modicon M580, M340, Quantum, Premium, Momentum, and MC80 controller families. Successful exploitation could result in loss of availability and unauthorized modification of controller operations.

What this means
What could happen
An attacker could remotely execute commands on your Modicon PLC, potentially altering process setpoints, stopping operations, or disrupting complex networked control and display functions critical to your facility.
Who's at risk
Energy and manufacturing organizations using Schneider Electric Modicon programmable logic controllers for networked automation and control operations. This includes all versions of Modicon M580, M340, Quantum, Premium, MC80, and Momentum CPU families used in electric distribution systems, water treatment facilities, manufacturing production lines, and other critical process control applications.
How it could be exploited
An attacker with network access to the Modicon controller can send specially crafted commands that bypass authentication controls and validation checks, allowing direct command execution. The CVSS vector indicates no authentication or user interaction is required and the attack has network-wide scope.
Prerequisites
  • Network access to the Modicon controller on port 502 or management interface port
  • No valid credentials required
  • Controller running vulnerable firmware version
remotely exploitable; no authentication required; low complexity; high CVSS score (10/10); high EPSS score (43.3%); affects PLCs controlling critical infrastructure; multiple CWE classes (authentication, validation, information disclosure); no patch available for MC80 and Momentum CPU (older product lines)
Exploitability
High exploit probability (EPSS 43.3%)
Affected products (19)
16 with fix, 1 pending, 2 EOL

Product | Affected Versions | Fix Status
Modicon MC80 BMKC80* prior to 1.80 | <1.80 | 1.80
Modicon Momentum CPU (part numbers 171CBU*) all versions | All versions | No fix yet
PLC Simulator for EcoStruxure™ Control Expert prior to 15.1 | <15.1 | 15.1
Modicon Premium Modicon Momentum Unity M1E Processor (part numbers 171CBU*) prior to SV2.6 | <SV2.6 | 3.20
Modicon M580 prior to 2.90 | <2.90 | 3.10

Remediation & Mitigation
Do now
  • WORKAROUND: Restrict network access to Modicon controller management ports using firewall rules; allow only authorized engineering workstations
  • WORKAROUND: Disable remote management access on Modicon controllers if not required for operations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Modicon M580
  • HOTFIX: Update Modicon M580 firmware to version 3.10 or above
Modicon M340
  • HOTFIX: Update Modicon M340 firmware to version 3.20 or above
All products
  • HOTFIX: Update Modicon Quantum firmware to version 3.60 or above
  • HOTFIX: Update Modicon Premium firmware to version 3.20 or above
  • HOTFIX: Update Modicon Momentum CPU (171CBU*) and M1E Processor to version 3.20 or above
  • HOTFIX: Update Modicon Quantum Safety processor firmware to version 3.60 or above
  • HOTFIX: Update PLC Simulator for EcoStruxure Control Expert to version 15.1 or above
  • HOTFIX: Update EcoStruxure Control Expert engineering workstation software to version 14.1
  • HARDENING: After firmware update, configure application password in project properties within EcoStruxure Control Expert
  • HOTFIX: Rebuild and retransfer all projects to controllers after firmware and engineering software updates
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Modicon MC80 all versions, Modicon Momentum M1E all versions. Apply the following compensating controls:
  • HARDENING: Isolate Modicon controllers on a separate VLAN or network segment, blocking unauthorized access from other plant networks
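
An added example (not part of this advisory or of Schneider Electric's material) for verifying that the port 502 restriction and the segment isolation above actually hold: it audits firewall flow records for accepted connections to controllers from sources outside the engineering-workstation allowlist. The CSV record layout, all IP addresses and the function name audit_flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

MODBUS_TCP_PORT = 502  # port named in the advisory's prerequisites

# Constructed sample flow records (assumed layout): time,src_ip,dst_ip,dst_port,action
SAMPLE_FLOWS = """\
2019-05-14T08:00:01Z,10.20.0.15,10.30.1.10,502,ACCEPT
2019-05-14T08:00:07Z,10.40.7.99,10.30.1.10,502,ACCEPT
2019-05-14T08:00:09Z,10.40.7.99,10.30.1.10,502,ACCEPT
2019-05-14T08:01:12Z,10.40.7.99,10.30.1.11,502,DROP
2019-05-14T08:02:30Z,10.20.0.15,10.30.1.11,80,ACCEPT
2019-05-14T08:03:00Z,not-an-ip,10.30.1.10,502,ACCEPT
truncated,line
""".splitlines()


def audit_flows(lines, controllers, allowed_sources, ports=(MODBUS_TCP_PORT,)):
    """Return (violations, unparsed): accepted flows to a controller port
    from a source outside the allowlist, counted per (src, dst, port)."""
    ctrl_nets = [ipaddress.ip_network(c) for c in controllers]
    allow_nets = [ipaddress.ip_network(a) for a in allowed_sources]
    violations, unparsed = Counter(), []
    for line in lines:
        fields = line.strip().split(",")
        try:
            _, src, dst, port, action = fields
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            unparsed.append(line)  # keep malformed records for manual review
            continue
        if port not in ports or not any(dst_ip in n for n in ctrl_nets):
            continue  # not traffic to a controller port
        if action.upper() != "ACCEPT":
            continue  # the firewall already blocked this flow
        if not any(src_ip in n for n in allow_nets):
            violations[(str(src_ip), str(dst_ip), port)] += 1
    return dict(violations), unparsed


if __name__ == "__main__":
    found, bad = audit_flows(SAMPLE_FLOWS, ["10.30.1.0/24"], ["10.20.0.15/32"])
    for (src, dst, port), n in sorted(found.items()):
        print(f"UNAUTHORIZED {src} -> {dst}:{port} ({n} accepted flows)")
    print(f"{len(bad)} unparsed record(s)")
```

Any reported pair means a firewall rule still admits a non-engineering host to a controller; pass additional management ports through the ports argument once they are known for the site.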