OTPulse
FeedAboutContact

Modicon M241 & M251 Logic Controllers

Plan Patch7.5SEVD-2021-130-05May 11, 2021
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A buffer overflow vulnerability exists in Modicon M241 and M251 Programmable Logic Controllers in firmware versions prior to V5.1.9.1. The vulnerability allows a remote attacker to send a specially crafted message that overflows the controller's memory buffer, causing the device to become unavailable and requiring a manual reboot. The M241 and M251 are used in performance-demanding industrial automation applications including process control and motor management.

What this means
What could happen
A buffer overflow in the Modicon M241/M251 controller could cause the device to stop responding, interrupting your industrial process until it is rebooted.
Who's at risk
Manufacturing facilities, water utilities, and power distribution operators using Modicon M241 or M251 logic controllers for process automation, motor control, or safety-related functions. Any facility where an unplanned controller shutdown would disrupt operations.
How it could be exploited
An attacker with network access to the controller could send a specially crafted message that overflows the controller's memory buffer, causing it to crash and become unavailable. The attack requires no authentication or special credentials.
Prerequisites
  • Network access to the Modicon M241/M251 controller on the industrial network
  • No authentication required
remotely exploitableno authentication requiredlow complexityaffects availability of safety-critical equipment
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
Modicon M241/M251 logic controllers firmware prior to V5.1.9.1<5.1.9.1V5.1.9.14 or higher
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDRestrict network access to the Modicon M241/M251 controllers using firewall rules or network segmentation; only authorized engineering workstations should reach these devices on ports used for configuration and monitoring.
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Modicon M241/M251 controller firmware to version V5.1.9.14 or higher (available through EcoStruxure Machine Expert V2.0 or above). Plan a maintenance window as a reboot is required.
HOTFIXUpdate EcoStruxure Machine Expert on all engineering workstations to version V2.0 or above to enable deployment of the patched firmware.
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/d45a3b5f-d8b2-4ef4-aeeb-57f4b1017b2c