OTPulse
FeedAboutContact

Modicon LMC078 Logic Controller additional URGENT/11 Fix

Monitor7.5SEVD-2020-161-03Jun 9, 2020
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Schneider Electric has identified a vulnerability in the Modicon LMC078 Logic Controller introduced by a VxWorks patch from Wind River that addressed URGENT/11 vulnerabilities. The issue affects firmware version 1.51.15.05 and later. The vulnerability allows an unauthenticated attacker on the network to cause a denial of service (device crash) via a specially crafted network packet. No remote code execution is possible. The vendor has not announced a patch to correct this issue.

What this means
What could happen
An attacker with network access to the Modicon LMC078 controller can crash the device, causing loss of availability and potential interruption to critical energy operations. No remote code execution or data loss is possible.
Who's at risk
Electric utilities and energy infrastructure operators running Modicon LMC078 Logic Controllers for process control, substation automation, or other critical energy management functions are affected. Any facility relying on this controller for continuous operation of generation, transmission, or distribution equipment should be concerned.
How it could be exploited
An attacker on the network reachable by the LMC078 sends a specially crafted network packet that triggers a denial-of-service condition in the VxWorks kernel. The controller becomes unresponsive and must be physically rebooted to restore operation.
Prerequisites
  • Network access to the LMC078 controller (ethernet port)
  • No credentials or authentication required
  • LMC078 must be running firmware version 1.51.15.05 or later
Remotely exploitableNo authentication requiredLow complexity attackDenial of service impactNo patch availableAffects critical energy operations
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
Modicon LMC078 Logic Controller running with firmware V1.51.15.05 and later≥ 1.51.15.05No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGIsolate the LMC078 controller behind a firewall and restrict network access from the business network and Internet
HARDENINGImplement network segmentation: place the LMC078 on a dedicated control network separate from all other networks
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HARDENINGRestrict physical access to the LMC078 with locked enclosures and prevent unauthorized personnel from accessing the controller
HARDENINGDisable or restrict remote access; if required, use secure methods such as a VPN to limit attack surface
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/05418648-8cb4-449f-9bbc-6250de8f63d6