OTPulse

EcoStruxure™ Control Expert, EcoStruxure™ Process Expert, SCADAPack RemoteConnect™ x70, and Modicon Controllers M580 and M340

Act Now · 9.8 · SEVD-2021-194-01 · Jul 13, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed

Summary

Schneider Electric products contain multiple vulnerabilities including arbitrary code execution and loss of confidentiality/integrity of project files. Attack vectors include an authenticated user at an engineering station or an unauthenticated user gaining access to a project file or the process control network. The vulnerabilities affect EcoStruxure™ Control Expert (<15.1), EcoStruxure™ Process Expert (<2021), Modicon M580 CPU (All versions), Modicon M340 CPU (<3.50), Modicon M580 CPU Safety (<SV4.21), and SCADAPack RemoteConnect™ x70 (<R2.7.3).

What this means
What could happen
An attacker could execute arbitrary code on affected engineering workstations or control devices, potentially altering program logic, process setpoints, or stopping critical operations. Loss of project file integrity could allow unauthorized modifications to control logic that persist across restarts.
Who's at risk
Engineering and manufacturing organizations using Schneider Electric's EcoStruxure™ engineering platforms and Modicon M580/M340 programmable logic controllers should be concerned. This affects any facility where these control systems manage critical processes—water treatment, power generation, manufacturing lines, etc. Both the engineering workstations and the PLCs themselves are at risk.
How it could be exploited
An attacker with credentials to an engineering workstation running affected EcoStruxure software, or one who obtains an unencrypted project file, could inject malicious code into the project. This code would then be deployed to connected Modicon M580/M340 controllers, giving the attacker command execution on the PLCs controlling physical processes.
Prerequisites
  • Authentication credentials for engineering workstation, OR access to unencrypted project files stored on network or in shared locations
  • Network connectivity to the engineering workstation or process control network where project files are accessible
  • Remotely exploitable from engineering network
  • Affects control devices (PLCs) that manage critical operations
  • Can result in arbitrary code execution on process controllers
  • No authentication required if attacker obtains project file
  • Multiple affected product lines with widespread installed base
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (8)
8 with fix
Product | Affected Versions | Fix Status
EcoStruxure™ Control Expert | <15.0 SP1 | 15.1
EcoStruxure™ Process Expert | <2021 | 2021
Modicon M580 CPU, All versions | All versions | SV4.10
Modicon M340 CPU | <3.50 | 3.50
Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) | <SV4.21 | SV4.21
Modicon M580 CPU 4.02 | 4.02 | SV4.10
Modicon M580 CPU | <SV4.10 | SV4.10
SCADAPack RemoteConnect™ for x70 | <R2.7.3 | R2.7.3
Remediation & Mitigation
Do now
HARDENING: Enable the file encryption feature on all new EcoStruxure™ projects; apply to existing projects from trusted sources only
HARDENING: Store project files in secure, access-controlled locations with restricted network access
HARDENING: Restrict access to engineering stations; limit who can download or modify project files
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

EcoStruxure™ Control Expert
HOTFIX: Update EcoStruxure™ Control Expert to version 15.1 or later
EcoStruxure™ Process Expert
HOTFIX: Update EcoStruxure™ Process Expert to version 2021 or later
Modicon M580 CPU
HOTFIX: Update Modicon M580 CPU firmware to SV4.10 or later
HOTFIX: Update Modicon M580 CPU Safety firmware to SV4.21 or later
Modicon M340 CPU
HOTFIX: Update Modicon M340 CPU firmware to version 3.50 or later
All products
HOTFIX: Update SCADAPack RemoteConnect™ x70 to version R2.7.3 or later
API: /api/v1/advisories/64dbb3b1-1a0e-4b7b-8a30-8c50d61077f7