Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium

Plan Patch7.5SEVD-2020-343-08Dec 8, 2020

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in Modicon Ethernet programmable automation controllers (Quantum, M580, M340, Premium) can be triggered by network packets to cause a denial of service condition. The affected controller enters a non-recoverable fault state, requiring manual recovery or replacement to restore operation. Quantum (140CPU65xxxxx) and Premium (TSXP574634, TSXP575634, TSXP576634) have no fix planned. M580 (BMEx58xxxxx) is fixed in firmware 3.20. M340 (BMX P34x) is fixed in firmware 3.30.

What this means

What could happen

An attacker with network access could trigger a denial of service condition that forces the PLC into a non-recoverable fault state, halting process automation and requiring manual intervention or controller replacement to restore operations.

Who's at risk

Energy utilities and manufacturing plants operating Modicon Quantum, M580, M340, or Premium programmable logic controllers (PLCs) should assess their inventory immediately. These controllers are critical to process automation, motor control, and infrastructure management. Organizations still running unsupported Quantum or Premium models face indefinite risk.

How it could be exploited

An attacker sends a specially crafted network packet to the Modicon controller's Ethernet port. The controller processes the malformed input and enters a fault state from which it cannot automatically recover. Normal restart procedures fail to restore operation.

Prerequisites

Network access to the Modicon controller's Ethernet port
No authentication required
Attacker can reach the controller from the network (DMZ, same subnet, or routable network path)

remotely exploitableno authentication requiredlow complexityhigh impact denial of serviceno patch available for Quantum and Premiumaffects critical process automation

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (4)

2 with fix2 EOL

ProductAffected VersionsFix Status

Modicon Quantum CPUs - 140CPU65xxxxx all versionsAll versionsNo fix (EOL)

Modicon M580 CPUs - BMEx58xxxxx prior to<3.203.20

Modicon M340 CPUs - BMX P34x prior to<3.303.30

Modicon Premium CPUs - TSXP574634, TSXP575634, TSXP576634 all versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/6

Do now

0/3

WORKAROUNDApply Modicon M580 vendor mitigations (see vendor documentation) if firmware upgrade cannot be scheduled immediately

WORKAROUNDApply Modicon M340 vendor mitigations (see vendor documentation) if firmware upgrade cannot be scheduled immediately

HARDENINGFor Modicon Quantum and Premium controllers (no patch available), deploy firewall rules to block unauthorized inbound traffic to the controller and monitor for suspicious network activity

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Modicon M580 firmware to version 3.20 or later

HOTFIXUpgrade Modicon M340 firmware to version 3.30 or later

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: Modicon Quantum CPUs - 140CPU65xxxxx all versions, Modicon Premium CPUs - TSXP574634, TSXP575634, TSXP576634 all versions. Apply the following compensating controls:

HARDENINGImplement network segmentation to restrict Ethernet access to Modicon controllers; allow only trusted engineering workstations and SCADA systems to communicate with these devices

CVEs (3)

CVE-2020-7537 CVE-2020-7542 CVE-2020-7543

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/fd6dfb33-5d86-441b-9a8f-2710a6fbc5b6