OTPulse

Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and Associated Communication Modules

Action: Plan Patch
CVSS score: 7.5
Advisory: SEVD-2020-343-05
Published: Dec 8, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A path traversal vulnerability in the web server on Modicon M340, Quantum, and Premium controllers and their associated communication modules lets an unauthenticated attacker who can reach the web server read sensitive files and configuration data. The vulnerability affects the Ethernet-enabled CPUs and modules used for remote monitoring and control in industrial automation environments.

What this means
What could happen
An attacker can read sensitive information from the web server on these Modicon controllers, such as configuration files or engineering data, without any credentials.
Who's at risk
Water authorities and electric utilities using Schneider Electric Modicon M340, Quantum, or Premium PLCs and communication modules for SCADA and process automation. This includes organizations that depend on these controllers for critical infrastructure operations like water treatment, distribution, or electrical generation and transmission.
How it could be exploited
An attacker reaches the web server on TCP port 80 or 443 of the Modicon controller from the network and requests files or directories outside the web root using path traversal techniques (for example, ".." segments, possibly URL-encoded). The vulnerable web server does not reject these requests and returns files stored on the device that were never meant to be served.
Prerequisites
  • Network reachability to the web server port (80 or 443) on the Modicon controller
  • No authentication required
Tags: remotely exploitable, no authentication required, low complexity, information disclosure (configuration data and engineering information)
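The "How it could be exploited" section above describes ".." requests against the controller's web server. Defenders who cannot patch yet usually want to know whether such requests are already arriving, so the following is an added example (written for this page, not Schneider Electric code or anything from the advisory) that scans web server access logs for request targets that climb above the document root, including URL-encoded, double-encoded and backslash variants. The log lines are constructed in Common Log Format and the file names in them are placeholders, not paths known to exist on any Modicon device; the log format and field names are assumptions.

```python
"""Flag path-traversal attempts in web server access logs.

Added example for this advisory page; not Schneider Electric code. The log
lines below are constructed in Common Log Format, and the file names in them
are placeholders, not paths known to exist on any Modicon device.
"""
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: one engineering workstation (10.10.20.5) browsing
# normally, one unexpected host (192.0.2.50) probing with plain, encoded,
# double-encoded and backslash variants of "..".
SAMPLE_ACCESS_LOG = [
    '10.10.20.5 - - [08/Dec/2020:10:15:31 +0000] "GET /index.htm HTTP/1.1" 200 5120',
    '10.10.20.5 - - [08/Dec/2020:10:15:33 +0000] "GET /images/../logo.png HTTP/1.1" 200 2048',
    '192.0.2.50 - - [08/Dec/2020:10:16:02 +0000] "GET /../../conf/settings.ini HTTP/1.1" 200 1234',
    '192.0.2.50 - - [08/Dec/2020:10:16:05 +0000] "GET /doc/%2e%2e/%2e%2e/conf/settings.ini HTTP/1.1" 200 1234',
    '192.0.2.50 - - [08/Dec/2020:10:16:09 +0000] "GET /doc/%252e%252e/%252e%252e/conf/settings.ini HTTP/1.1" 404 0',
    '192.0.2.50 - - [08/Dec/2020:10:16:12 +0000] "GET /..\\..\\conf\\settings.ini HTTP/1.1" 200 1234',
]

# Common Log Format: client, ident, user, [timestamp], "METHOD target proto", status ...
CLF_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_target_path(target: str, max_rounds: int = 3) -> str:
    """Return the path part of a request target with URL encoding removed.

    Decoding is repeated (bounded) so that double-encoded sequences such as
    %252e collapse to '.', and backslashes are treated as separators because
    some servers accept them interchangeably with '/'.
    """
    path = urlsplit(target).path  # drop the query string first
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def escapes_web_root(path: str) -> bool:
    """True if walking the path's segments ever climbs above the document root.

    '/images/../logo.png' stays inside the root and is not flagged;
    '/doc/../../x' goes one level above it and is.
    """
    depth = 0
    for segment in path.split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ("", "."):
            depth += 1
    return False


def scan_access_log(lines):
    """Return one finding per request whose decoded path escapes the web root."""
    findings = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue  # not CLF; a real deployment would count these
        decoded = decode_target_path(m["target"])
        if escapes_web_root(decoded):
            findings.append({
                "src": m["src"],
                "target": m["target"],
                "decoded": decoded,
                "status": int(m["status"]),
            })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_ACCESS_LOG):
        print(f"{f['src']} {f['status']} {f['target']} -> {f['decoded']}")
```

A 404 on a traversal request still shows that a host is probing the controller and belongs in the alert; a 200 with a non-zero body is the case to treat as a probable disclosure. The decoder only handles percent-encoding, so overlong UTF-8 or other server-specific encodings would need to be added for the device actually in use.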
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (13)
5 with fix, 8 EOL
Product | Affected versions | Fix status
Modicon M340 CPUs BMXP34* | < V3.30 | Firmware V3.30
Modicon M340 X80 Ethernet communication modules BMXNOE0100(H) | < V3.4 | Firmware V3.4
Modicon M340 X80 Ethernet communication modules BMXNOE0110(H) | < V6.6 | Firmware V6.6
Modicon M340 X80 Ethernet communication modules BMXNOC0401 | < V2.11 | Firmware V2.11
Modicon Quantum communication modules 140NOE771x1 | < V7.3 | Firmware V7.3
Modicon Quantum communication modules 140NOC78x00 | all versions | No fix (EOL)
Modicon Quantum communication modules 140NOC77101 | all versions | No fix (EOL)
Modicon Quantum processors with integrated Ethernet COPRO 140CPU65xxxxx | all versions | No fix (EOL)
Modicon Premium processors with integrated Ethernet COPRO TSXP574634 | all versions | No fix (EOL)
Modicon Premium processors with integrated Ethernet COPRO TSXP575634 | all versions | No fix (EOL)
Modicon Premium processors with integrated Ethernet COPRO TSXP576634 | all versions | No fix (EOL)
Modicon Premium communication modules TSXETY4103 | all versions | No fix (EOL)
Modicon Premium communication modules TSXETY5103 | all versions | No fix (EOL)
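Checking an asset inventory against the affected-products table by hand is error-prone because the vendor references use wildcards ("BMXP34*", "140NOE771x1", "(H)" suffixes) and the fix versions differ per product. The following is an added example, written for this page and not Schneider Electric code, that encodes the table above and classifies each inventory entry as patched, vulnerable, vulnerable with no fix (EOL), or not listed. The inventory rows are constructed; the asset names are invented, and the reading of the vendor's wildcards (a lowercase "x" matches one character, a trailing run of "x" any suffix, "(H)" an optional "H") and of firmware strings as dot-separated integer fields ("V3.30" is 3.30, not 3.3) are assumptions to verify against your own inventory source.

```python
"""Classify controllers against the advisory's affected-products table.

Added example for this advisory page; not Schneider Electric code.
Assumptions: vendor wildcards are read as described in the comments, and
firmware versions compare field by field as integers ("V3.20" < "V3.30").
"""
import re

# Fix version per product reference pattern, copied from the advisory table.
# None means the product is End of Life with no fix planned.
FIXES = {
    "BMXP34*": "V3.30",
    "BMXNOE0100(H)": "V3.4",
    "BMXNOE0110(H)": "V6.6",
    "BMXNOC0401": "V2.11",
    "140NOE771x1": "V7.3",
    "140NOC78x00": None,
    "140NOC77101": None,
    "140CPU65xxxxx": None,
    "TSXP574634": None,
    "TSXP575634": None,
    "TSXP576634": None,
    "TSXETY4103": None,
    "TSXETY5103": None,
}


def reference_regex(pattern: str) -> re.Pattern:
    """Turn a vendor reference pattern into an anchored regex.

    Assumed wildcard rules: '*' = any suffix, a lowercase 'x' = any one
    character (a trailing run of 'x' = any suffix, since the vendor's count
    does not always match real part numbers), '(H)' = optional 'H' variant.
    """
    parts = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("(H)", i):
            parts.append("(?:H)?")
            i += 3
        elif pattern[i] == "*":
            parts.append(".*")
            i += 1
        elif pattern[i] == "x":
            j = i
            while j < len(pattern) and pattern[j] == "x":
                j += 1
            parts.append(".*" if j == len(pattern) else "." * (j - i))
            i = j
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


_COMPILED = [(reference_regex(p), fix) for p, fix in FIXES.items()]


def parse_version(version: str) -> tuple:
    """'V3.30' -> (3, 30); fields compare as integers, so V3.20 < V3.30."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def assess(reference: str, firmware: str) -> str:
    """Return 'not_affected', 'patched', 'vulnerable' or 'vulnerable_eol'."""
    for regex, fix in _COMPILED:
        if regex.match(reference):
            if fix is None:
                return "vulnerable_eol"
            return "patched" if parse_version(firmware) >= parse_version(fix) else "vulnerable"
    return "not_affected"


# Constructed inventory: (asset name, vendor reference, installed firmware).
INVENTORY = [
    ("PLC-WTP-01", "BMXP342020", "V3.20"),
    ("PLC-WTP-02", "BMXP342020", "V3.30"),
    ("NOE-WTP-01", "BMXNOE0100H", "V3.3"),
    ("NOE-QTM-01", "140NOE77111", "V7.3"),
    ("CPU-PRM-01", "TSXP574634", "V5.0"),
    ("CPU-QTM-01", "140CPU65150", "V3.5"),
    ("PLC-M580-01", "BMEP584040", "V2.80"),  # not listed in this advisory
]


def assess_inventory(inventory):
    """Classify every inventory row; EOL rows need the compensating controls."""
    return [
        {"asset": name, "reference": ref, "firmware": fw, "status": assess(ref, fw)}
        for name, ref, fw in inventory
    ]


if __name__ == "__main__":
    for row in assess_inventory(INVENTORY):
        print(f"{row['asset']:<12} {row['reference']:<12} {row['firmware']:<6} {row['status']}")
```

Rows reported as vulnerable_eol cannot be closed by a firmware update and should be routed straight to the compensating controls listed under "Mitigations - no patch available".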
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to TCP ports 80 and 443 on Modicon controllers and communication modules with firewall rules that allow only authorized engineering workstations or management networks
WORKAROUND: Disable the web server on Modicon Premium and Quantum devices that cannot be patched if the web interface is not required for operations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Modicon M340 CPUs BMXP34*
HOTFIX: Update Modicon M340 CPUs BMXP34* firmware to V3.30 or later
All products
HOTFIX: Update Modicon M340 X80 Ethernet Communication module BMXNOE0100(H) firmware to V3.4 or later
HOTFIX: Update Modicon M340 X80 Ethernet Communication module BMXNOE0110(H) firmware to V6.6 or later
HOTFIX: Update Modicon M340 X80 Ethernet Communication module BMXNOC0401 firmware to V2.11 or later
HOTFIX: Update Modicon Quantum communication module 140NOE771x1 firmware to V7.3 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix (all versions affected):
  • Modicon Premium processors with integrated Ethernet COPRO TSXP574634
  • Modicon Premium processors with integrated Ethernet COPRO TSXP575634
  • Modicon Premium processors with integrated Ethernet COPRO TSXP576634
  • Modicon Quantum communication modules 140NOC78x00
  • Modicon Quantum communication modules 140NOC77101
  • Modicon Premium communication modules TSXETY4103
  • Modicon Premium communication modules TSXETY5103
  • Modicon Quantum processors with integrated Ethernet COPRO 140CPU65xxxxx
Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate Modicon controllers on a dedicated industrial network with limited external access