OTPulse
FeedAboutContact

Modicon Managed Switch

Act Now9.8SEVD-2021-130-01May 11, 2021
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Modicon Managed Switch products (MCSESM and MCSESP models) contain a vulnerability that allows an unauthenticated attacker with network access to reset any user password. An attacker exploiting this could gain complete administrative control of the switch, enabling denial of service attacks, network manipulation, or unauthorized access to connected industrial control systems and devices.

What this means
What could happen
An attacker could reset any user's password on the Modicon Managed Switch, giving them full administrative control of your network switch. This could result in denial of service, network outages, or unauthorized access to connected industrial devices and control systems.
Who's at risk
Energy and manufacturing facilities operating Modicon Managed Switch products, particularly those using MCSESM or MCSESP models for industrial Ethernet networks. Any operator or facility manager responsible for network infrastructure in ICS/OT environments should prioritize this.
How it could be exploited
An attacker with network access to the switch can exploit this vulnerability to change any user password without knowing the current password or possessing valid credentials. Once administrative access is obtained, the attacker can reconfigure the switch, block network traffic, or redirect traffic to intercept data from your industrial devices.
Prerequisites
  • Network access to the Modicon Managed Switch management interface (typically Ethernet port on the switch)
  • No authentication required to exploit the vulnerability
remotely exploitableno authentication requiredlow complexitycritical severity (CVSS 9.8)affects network switch controlling access to industrial devicesno patch available for affected versions
Exploitability
Moderate exploit probability (EPSS 2.0%)
Affected products (1)
ProductAffected VersionsFix Status
Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior≤ 8.21No fix yet
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGImplement network segmentation to restrict access to the switch management interface, allowing only authorized workstations
WORKAROUNDTest patches in a non-production environment or offline infrastructure before deployment
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Modicon Managed Switch firmware to version 8.22 or later
HOTFIXApply the firmware upgrade twice with the same version to prevent rollback, following the procedure in the MCSESM/MCSESM-E User Manual
HARDENINGChange all user passwords on the Modicon Managed Switch after patching
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/bd91c3a0-a824-4e56-9018-b5fb5aaa45a0
Modicon Managed Switch | CVSS 9.8 - OTPulse