Web Server on Modicon M340, Legacy Offers Modicon Quantum Modicon Premium and associated Communication Modules

MonitorCVSS 5.3SEVD-2020-343-06Dec 8, 2020

Schneider ElectricEnergyManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Denial-of-service vulnerability in the web server and FTP services on Modicon M340, Modicon Quantum, and Modicon Premium controllers and their Ethernet communication modules. An unauthenticated attacker on the network can send a malformed request to crash these services, making them unavailable. This affects both integrated Ethernet ports on processors and separate Ethernet communication modules (BMXNOE, BMXNOC, 140NOE series). Modicon M340 products have firmware fixes available. Modicon Quantum COPRO processors and Modicon Premium processors/modules have no patch planned, meaning these legacy devices cannot be fully remediated through vendor updates.

What this means

What could happen

An attacker on the network could trigger a denial-of-service attack against the Ethernet web and FTP services on these controllers, making them temporarily unavailable and potentially disrupting remote monitoring and engineering access to the PLC.

Who's at risk

Water authorities and industrial facilities running Modicon M340, Quantum, or Premium controllers with Ethernet communication modules for process automation, remote monitoring, and engineering access. Affects both the main CPU and separate Ethernet communication modules used for network connectivity.

How it could be exploited

An attacker with network access to the Ethernet port of an affected Modicon M340, Quantum, or Premium controller sends a specially crafted request to the built-in web server or FTP service, causing it to become unresponsive. This would take the web/FTP interface offline until the service is manually restarted.

Prerequisites

Network access to the Ethernet port on TCP/IP communication module or integrated Ethernet port
No authentication required
Web server or FTP service must be enabled on the controller

remotely exploitableno authentication requiredlow complexityno patch available for some products (Quantum COPRO, Premium processors/modules)

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (9)

5 with fix4 EOL

ProductAffected VersionsFix Status

Modicon M340 CPUs<3.303.30

Modicon M340 Ethernet Communication Modules<3.43.4

Modicon M340 Ethernet Communication Modules BMXNOE0110<6.66.6

Modicon M340 Ethernet Communication Modules BMXNOC0401 (H)<2.112.11

Modicon Quantum Communication Modules 140NOE771x1<7.37.3

Modicon Premium Communication Modules All versionsAll versionsNo fix (EOL)

Modicon Quantum Processors with Integrated Ethernet COPRO 140CPU65xx0 All versionsAll versionsNo fix (EOL)

Modicon Premium Processors with Integrated Ethernet COPRO All versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/7

Do now

0/2

WORKAROUNDDisable web server and FTP services if not required for operations

HARDENINGRestrict network access to Ethernet communication modules and controller Ethernet ports using firewalls or ACLs to allow only trusted engineering workstations and SCADA servers

Schedule — requires maintenance window

0/5

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Modicon M340 CPU firmware to version 3.30 or later

HOTFIXUpdate Modicon M340 BMXNOE0110 Ethernet Communication Module firmware to version 6.6 or later

HOTFIXUpdate Modicon M340 BMXNOC0401 Ethernet Communication Module firmware to version 2.11 or later

HOTFIXUpdate Modicon M340 BMXNOE0100 Ethernet Communication Module firmware to version 3.4 or later

HOTFIXUpdate Modicon Quantum 140NOE771x1 Communication Module firmware to version 7.3 or later

CVEs (1)

CVE-2020-7549

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b0fedd4c-adc6-4e6a-88bb-aea292208da1

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.