Web Server on Modicon M340, Legacy Offers Modicon Quantum Modicon Premium and associated Communication Modules
Monitor5.3SEVD-2020-343-06Dec 8, 2020
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Denial-of-service vulnerability in the web server and FTP services on Modicon M340, Modicon Quantum, and Modicon Premium controllers and their Ethernet communication modules. An unauthenticated attacker on the network can send a malformed request to crash these services, making them unavailable. This affects both integrated Ethernet ports on processors and separate Ethernet communication modules (BMXNOE, BMXNOC, 140NOE series). Modicon M340 products have firmware fixes available. Modicon Quantum COPRO processors and Modicon Premium processors/modules have no patch planned, meaning these legacy devices cannot be fully remediated through vendor updates.
What this means
What could happen
An attacker on the network could trigger a denial-of-service attack against the Ethernet web and FTP services on these controllers, making them temporarily unavailable and potentially disrupting remote monitoring and engineering access to the PLC.
Who's at risk
Water authorities and industrial facilities running Modicon M340, Quantum, or Premium controllers with Ethernet communication modules for process automation, remote monitoring, and engineering access. Affects both the main CPU and separate Ethernet communication modules used for network connectivity.
How it could be exploited
An attacker with network access to the Ethernet port of an affected Modicon M340, Quantum, or Premium controller sends a specially crafted request to the built-in web server or FTP service, causing it to become unresponsive. This would take the web/FTP interface offline until the service is manually restarted.
Prerequisites
- Network access to the Ethernet port on TCP/IP communication module or integrated Ethernet port
- No authentication required
- Web server or FTP service must be enabled on the controller
remotely exploitableno authentication requiredlow complexityno patch available for some products (Quantum COPRO, Premium processors/modules)
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (9)
5 with fix4 EOL
ProductAffected VersionsFix Status
Modicon M340 CPUs<3.303.30
Modicon M340 Ethernet Communication Modules<3.43.4
Modicon M340 Ethernet Communication Modules BMXNOE0110<6.66.6
Modicon M340 Ethernet Communication Modules BMXNOC0401 (H)<2.112.11
Modicon Quantum Communication Modules 140NOE771x1<7.37.3
Modicon Premium Communication Modules All versionsAll versionsNo fix (EOL)
Modicon Quantum Processors with Integrated Ethernet COPRO 140CPU65xx0 All versionsAll versionsNo fix (EOL)
Modicon Premium Processors with Integrated Ethernet COPRO All versionsAll versionsNo fix (EOL)
Remediation & Mitigation
0/7
Do now
0/2WORKAROUNDDisable web server and FTP services if not required for operations
HARDENINGRestrict network access to Ethernet communication modules and controller Ethernet ports using firewalls or ACLs to allow only trusted engineering workstations and SCADA servers
Schedule — requires maintenance window
0/5Patching may require device reboot — plan for process interruption
HOTFIXUpdate Modicon M340 CPU firmware to version 3.30 or later
HOTFIXUpdate Modicon M340 BMXNOE0110 Ethernet Communication Module firmware to version 6.6 or later
HOTFIXUpdate Modicon M340 BMXNOC0401 Ethernet Communication Module firmware to version 2.11 or later
HOTFIXUpdate Modicon M340 BMXNOE0100 Ethernet Communication Module firmware to version 3.4 or later
HOTFIXUpdate Modicon Quantum 140NOE771x1 Communication Module firmware to version 7.3 or later
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/b0fedd4c-adc6-4e6a-88bb-aea292208da1