Treck HTTP Server Vulnerability on TM3 Bus Coupler Modules (V2.0)
Act Now10SEVD-2020-353-02Dec 18, 2020
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Treck HTTP Server component vulnerability in Schneider Electric TM3 Bus Coupler modules (firmware versions 2.0.50.2 and 2.1.50.2 or earlier) allows heap-based buffer overflow via a specially crafted HTTP request. The overflow can crash the webserver, causing Denial of Service and loss of management/monitoring access to the coupler and downstream fieldbus devices.
What this means
What could happen
A heap buffer overflow in the embedded HTTP server could crash the TM3 Bus Coupler and disrupt communication between your Ethernet-to-industrial fieldbus network, causing loss of visibility and control of downstream devices like PLCs and I/O modules.
Who's at risk
Schneider Electric TM3 Bus Coupler modules used to interface Ethernet networks (EtherCAT, EtherNet/IP, MODBUS, CANopen) with industrial fieldbus devices in energy facilities. This affects distribution automation systems, remote terminal units (RTUs), and any infrastructure where TM3 couplers bridge IT and OT networks.
How it could be exploited
An attacker with network access to the TM3 Bus Coupler's HTTP port (typically 80) can send a specially crafted HTTP request that triggers a buffer overflow in Treck's HTTP server component. This causes the webserver to crash or become unresponsive, denying service to legitimate management and monitoring connections.
Prerequisites
- Network access to the TM3 Bus Coupler's HTTP port (port 80 or configured alternative)
- No authentication required to trigger the vulnerability
- Vulnerable firmware version (2.0.50.2 or 2.1.50.2) running on the device
Remotely exploitable from networkNo authentication requiredLow attack complexityCritical CVSS score (10.0)Affects critical network gateway deviceVendor fix available (patch can be deployed)
Exploitability
Moderate exploit probability (EPSS 3.8%)
Affected products (3)
3 with fix
ProductAffected VersionsFix Status
TM3 Bus Coupler firmware≤ 2.1.50.22.2.1.1
TM3 Bus Coupler firmware≤ 2.0.50.22.2.1.1
TM3 Bus Coupler <=2.0.50.2≤ 2.0.50.22.2.1.1
Remediation & Mitigation
0/3
Do now
0/1WORKAROUNDRestrict network access to the TM3 Bus Coupler's HTTP port (port 80) using firewall rules to block untrusted sources
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
TM3 Bus Coupler firmware
HOTFIXUpgrade TM3 Bus Coupler firmware to version 2.2.1.1 (for EtherCAT/EIP models) or 2.1.1.1 (for MODBUS SL or CANopen models)
Long-term hardening
0/1HARDENINGPlace the TM3 Bus Coupler on a segmented industrial network separate from corporate IT and the Internet
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/91848a66-0ba8-4a15-a53d-acf166186e58