Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules

Act Now10SEVD-2020-287-01Oct 13, 2020

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A vulnerability exists in the web server of Schneider Electric Modicon M340, Premium, and Quantum legacy controllers and their communication modules. An authenticated attacker could execute arbitrary commands on the web server, resulting in loss of availability, confidentiality, and integrity of the controller.

What this means

What could happen

An authenticated attacker could execute arbitrary commands on the web server running on Modicon controllers, potentially altering control logic, stopping industrial processes, or disrupting power distribution and manufacturing operations.

Who's at risk

Electric utilities and manufacturing facilities using Schneider Electric Modicon M340, Premium, or Quantum legacy controllers with Ethernet connectivity. This affects both integrated Ethernet processors and standalone communication modules used for remote monitoring and control of power distribution and industrial processes.

How it could be exploited

An attacker with valid credentials to the web server can send specially crafted requests to execute arbitrary commands on the affected Modicon processor or communication module. This requires network access to the web server port and valid authentication credentials.

Prerequisites

Network access to the web server on the affected Modicon device
Valid web server authentication credentials
Knowledge of internal command structure or ability to discover it through reconnaissance

Remotely exploitable via networkRequires valid credentials (authentication required)Low attack complexityNo patch available for legacy M340 CPUsCritical CVSS score (10.0)Affects industrial control systems

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (11)

11 with fix

ProductAffected VersionsFix Status

M340 CPUs BMX P34x prior to firmware<3.203.20

M340 Communication Ethernet modules BMX NOE 0100 (H) prior to<3.33.3

M340 Communication Ethernet modules BMX NOC 0401 prior to<2.102.10

Premium processors with integrated Ethernet COPRO TSXP574634, TSXP575634, TSXP576634 prior to 6.1 version<6.16.1

Premium communication modules TSXETY4103 prior to<6.26.2

Premium communication modules TSXETY5103 prior to<6.46.4

Quantum processors with integrated Ethernet COPRO 140CPU65xxxxx prior to 6.1 version<6.16.1

Quantum communication modules 140NOE771x1 prior to<7.17.1

Remediation & Mitigation

0/14

Do now

0/2

WORKAROUNDRestrict network access to the web server port on affected controllers using firewall rules; only allow connections from authorized engineering workstations

HARDENINGChange default web server credentials and enforce strong, unique passwords for each controller

Schedule — requires maintenance window

0/11

Patching may require device reboot — plan for process interruption

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate Modicon controllers on a dedicated OT network with restricted access from the corporate network

CVEs (1)

CVE-2020-7533

View full Schneider Electric advisory

↑↓ Navigate · Esc Close