OTPulse

Modicon M218 Logic Controller

Monitor | CVSS 5.9 | SEVD-2020-161-01 | Jun 9, 2020
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Schneider Electric has identified a buffer overflow vulnerability (CWE-787) in the Modicon M218 Logic Controller that can cause denial of service. The vulnerability affects firmware version 4.3 and all earlier versions. An attacker with network access can trigger the overflow condition to crash the device and make it unavailable.

What this means
What could happen
An attacker with network access to a Modicon M218 controller could cause it to become unavailable or unresponsive, disrupting automated processes and control operations in energy facilities until the device is manually recovered.
Who's at risk
Energy sector operators who use Modicon M218 Logic Controllers in power generation, transmission, or distribution systems should assess their exposure. This controller is commonly used in automated process control, and unavailability could disrupt normal operations or require manual intervention.
How it could be exploited
An attacker on the network segment containing the M218 controller can send a specially crafted message or trigger a specific condition that causes a buffer overflow, crashing the device and making it unavailable. This requires network-level access but no credentials or authentication.
Prerequisites
  • Network access to the M218 controller
  • Device must be running firmware version 4.3 or earlier
  • No authentication required
remotely exploitable · no authentication required · low complexity · no patch available · affects control systems
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
Modicon M218 firmware V4.3 and prior | ≤ 4.3 | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Isolate the Modicon M218 and control system networks from the business network using firewalls and network segmentation
  • HARDENING: Place M218 controllers in locked cabinets and ensure they are never left in Program mode
  • HARDENING: Restrict network access to the M218 so it is not reachable from the Internet or untrusted networks
  • HARDENING: Implement access controls to prevent unauthorized personnel from physically accessing the M218 controller
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade Modicon M218 firmware to a version newer than V4.3 if available from Schneider Electric
  • WORKAROUND: If remote access to the M218 is required, use a secure VPN connection and keep VPN software updated to the latest version
Mitigations - no patch available
Modicon M218 firmware V4.3 and prior has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Scan all removable media (USB drives, CDs) for malware before connecting to the isolated control network
Modicon M218 Logic Controller | CVSS 5.9 - OTPulse