Schneider Electric Modbus Serial Driver

Plan Patch7.8SEVD-2020-224-01Aug 11, 2020

Attack VectorLocal

Auth RequiredLow

ComplexityHigh

User InteractionNone needed

Summary

Schneider Electric Modbus Serial Driver contains a privilege escalation vulnerability due to improper permission handling. An attacker with local user access can escalate privileges and execute arbitrary code with elevated permissions, potentially intercepting or modifying Modbus communications to field devices. The vulnerability affects standalone Modbus Serial Driver (32-bit and 64-bit versions), Modbus Driver Suite, EcoStruxure Power Commission, and EcoStruxure Machine Expert Basic.

What this means

What could happen

An attacker with local access and low privileges could execute arbitrary code with elevated permissions on systems running the vulnerable Modbus Serial Driver, potentially allowing them to modify communications with connected PLCs, meters, or other industrial devices.

Who's at risk

This affects energy utilities and industrial facilities that use Schneider Electric's Modbus Serial Driver for communications with RTUs, PLCs, smart meters, and other field devices. Engineering workstations and SCADA/HMI servers running the standalone Modbus Serial Driver (32-bit or 64-bit versions) or integrated driver suites are at risk.

How it could be exploited

An attacker with a standard user account on a workstation running the Modbus Serial Driver could exploit an improper permission handling flaw to gain higher privileges and execute code that intercepts or alters Modbus traffic to connected field devices. This requires local access to the engineering workstation.

Prerequisites

Local access to a workstation running Modbus Serial Driver
Standard user account (non-administrator)
Modbus Serial Driver version below 64-bit V3.20 IE 30 or 32-bit V2.20 IE 30 (for standalone driver) or below V14.15.0.0 (for Driver Suite)

Privilege escalation vulnerabilityImproper access control (CWE-269)Requires local workstation accessLow complexity exploitationAffects control system communications

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (3)

1 with fix2 EOL

ProductAffected VersionsFix Status

Schneider Electric Modbus Driver Suite<V14.15.0.0V14.15.0.0

Schneider Electric Modbus Serial Driver (64 bits)<V3.20 IE 30No fix (EOL)

Schneider Electric Modbus Serial Driver (32 bits)<V2.20 IE 30No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/1

HARDENINGRestrict local user access on engineering workstations running Modbus Serial Driver to authorized personnel only

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

Schneider Electric Modbus Driver Suite

HOTFIXUpdate Schneider Electric Modbus Driver Suite to version V14.15.0.0 or later

All products

HOTFIXIf using EcoStruxure Power Commission, update to version V6.0 or later

HOTFIXIf using EcoStruxure Machine Expert Basic, update to version V1.1 or later

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: Schneider Electric Modbus Serial Driver (64 bits), Schneider Electric Modbus Serial Driver (32 bits). Apply the following compensating controls:

HARDENINGImplement workstation hardening and network segmentation per Schneider Electric Cybersecurity Best Practices guide

CVEs (1)

CVE-2020-7523

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8c72cad5-31c8-4d46-a6e2-41a553d90a08