Modicon Quantum Ethernet Network module and Quantum / Premium COPRO

Plan PatchCVSS 7.5SEVD-2020-070-02Mar 10, 2020

Schneider ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A denial-of-service vulnerability exists in the Quantum Ethernet Network module (140NOE771x) and Quantum/Premium processors with integrated Ethernet. Crafted network packets can cause the Ethernet module to become unresponsive, severing network communication with remote controllers and field devices. This affects Quantum CPUs with integrated Ethernet (140CPU65xxxxx, all versions) and Premium processors with integrated Ethernet (all versions), for which no fix is available. The 140NOE77101 and 140NOE77111 Ethernet network modules are fixed in firmware version 7.1.

What this means

What could happen

Loss of availability of the Ethernet network module can interrupt communication with remote controllers and field devices, potentially halting plant operations or causing uncontrolled process states.

Who's at risk

Energy utilities and industrial facilities using Schneider Electric Quantum or Premium controllers with integrated Ethernet or the 140NOE771x Ethernet network module for remote communication and control. This includes water authorities and electric utilities that depend on these PLCs for SCADA functions.

How it could be exploited

An attacker with network access to the Ethernet module sends crafted packets that trigger a denial-of-service condition, causing the module to become unresponsive and severing network connectivity to the Quantum or Premium PLC.

Prerequisites

Network access to the Ethernet module's port
No authentication required

remotely exploitableno authentication requiredlow complexityaffects communications module essential to plant operations

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (3)

1 with fix1 pending1 EOL

ProductAffected VersionsFix Status

Quantum processors with integrated Ethernet - 140CPU65xxxxx all versionsAll versionsNo fix yet

Quantum Ethernet Network module 140NOE771x1≤ 7.07.1

Premium processors with integrated Ethernet all versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDImplement network access controls (firewall rules, network segmentation) to restrict Ethernet module connectivity to authorized engineering and control networks only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Quantum Ethernet Network module 140NOE77101 to firmware version 7.1 or later

HOTFIXUpgrade Quantum Ethernet Network module 140NOE77111 to firmware version 7.1 or later

Mitigations - no patch available

0/1

Premium processors with integrated Ethernet all versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGMonitor Ethernet module logs and uptime; establish procedures to detect and respond to unexpected module reboots or disconnections

CVEs (1)

CVE-2020-7477

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b94b74d6-2f7d-4781-a714-9a0c2a23c811

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.