Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (V2.0)
Plan Patch7.5SEVD-2020-343-03Dec 8, 2020
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
A vulnerability exists in the embedded web server of Modicon M340, Modicon Quantum, and Modicon Premium controllers and their associated communication modules. The web server does not properly authenticate or validate requests, allowing an unauthenticated attacker with network access to execute commands on the controller. This could allow modification of control logic, process setpoints, or operational shutdown. Some product variants (Modicon Quantum 140NOE771x1, 140NOC78x00, 140NOC77101, and M340 CPUs) are end-of-life with no patches planned.
What this means
What could happen
An unauthenticated attacker with network access to the web server port could execute arbitrary commands on the controller, potentially altering process control logic, setpoints, or stopping operations. This affects availability and system integrity.
Who's at risk
Utilities and manufacturing facilities using Modicon M340, Modicon Premium, or Modicon Quantum programmable controllers for critical process control should assess their exposure. This affects anyone running these legacy Schneider Electric controllers in water treatment, power distribution, manufacturing, or other industrial automation environments where process integrity is essential.
How it could be exploited
An attacker sends a crafted request to the unprotected web server running on the Modicon controller (typically port 80 or 443). The web server does not properly validate input or enforce authentication, allowing the attacker to execute commands directly on the controller's operating system or control logic.
Prerequisites
- Network access to the web server port on the affected Modicon controller (typically TCP 80/443)
- No valid credentials required
remotely exploitableno authentication requiredlow complexityaffects process integrity and availabilityaffects industrial control systems
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (12)
8 with fix4 EOL
ProductAffected VersionsFix Status
Modicon M340 Ethernet Communication modules BMXNOE0100 (H)<3.33.3
Modicon M340 Ethernet Communication modules BMXNOE0110 (H)<6.53.3
Modicon M340 Ethernet Communication modules BMXNOC0401 (H)<2.103.3
Modicon Premium communication modules TSXETY4103<6.26.2
Modicon Premium communication modules TSXETY4103 prior to V6.4<6.46.2
Modicon Premium processors with integrated Ethernet COPRO<6.16.1
Modicon Quantum processors with integrated Ethernet COPRO 140CPU65xx0 prior to V6.1<6.16.1
Modicon X80 BMXNOR0200H RTU module BMXNOR200H<1.70 IR 231.70 IR 23
Remediation & Mitigation
0/9
Do now
0/2WORKAROUNDImplement firewall rules to restrict network access to the web server port (80/443) on affected controllers to only authorized engineering workstations or maintenance staff
HARDENINGDisable the web server functionality if not operationally required, or place affected controllers on an isolated engineering network segment with restricted access
Schedule — requires maintenance window
0/7Patching may require device reboot — plan for process interruption
HOTFIXUpgrade Modicon M340 BMXNOE0100 communication module firmware to version 3.3 or later
HOTFIXUpgrade Modicon M340 BMXNOE0110 communication module firmware to version 6.5 or later
HOTFIXUpgrade Modicon M340 BMXNOC0401 communication module firmware to version 2.10 or later
HOTFIXUpgrade Modicon Premium TSXETY4103 communication module firmware to version 6.2 or later
HOTFIXUpgrade Modicon Premium processors with integrated Ethernet (COPRO) firmware to version 6.1 or later
HOTFIXUpgrade Modicon Quantum processors with integrated Ethernet (COPRO 140CPU65xx0) firmware to version 6.1 or later
HOTFIXUpgrade Modicon X80 BMXNOR0200H RTU module firmware to version 1.70 IR 23 or later
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/8b368e84-d0b5-4198-b29b-76bfef570653