OTPulse

Modicon M218 Logic Controller

Monitor | CVSS 5.9 | SEVD-2020-224-03 | Aug 11, 2020
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

A memory access vulnerability (CWE-787) in the Modicon M218 Logic Controller can be triggered remotely via a crafted network packet, causing the device to stop responding. The vulnerability affects firmware versions 5.0.0.7 and earlier. Exploitation does not require authentication or user interaction but does require network-level access to the device. The impact is availability—the controller becomes unresponsive and must be rebooted.

What this means
What could happen
An attacker with network access could cause the M218 Logic Controller to stop responding or malfunction, disrupting control of electrical equipment and potentially leading to process shutdown or safety issues in energy facilities.
Who's at risk
Electrical utilities and energy facilities operating Modicon M218 Logic Controllers should assess their exposure. These devices are commonly used in automation and control systems for power distribution, generation control, and equipment protection. Any site using M218 controllers in critical control loops for energy management is affected.
How it could be exploited
An attacker sends a specially crafted network packet to the M218 controller on the industrial network. The vulnerability is triggered by out-of-bounds memory access, causing the device to crash or become unresponsive. No authentication or user interaction is required.
Prerequisites
  • Network access to the M218 Logic Controller
  • Device running firmware version 5.0.0.7 or earlier
remotely exploitable · no authentication required · high complexity attack · affects industrial process control · requires maintenance window to patch
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
Modicon M218 Logic Controller V5.0.0.7 and prior | ≤ 5.0.0.7 | 5.0.0.8
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Modicon M218 Logic Controller firmware to version 5.0.0.8 or later
HARDENING: Plan a maintenance window to perform the firmware update, as a device reboot is required after the update