OTPulse

Modicon M340 Controller and Communication Modules

Plan Patch · CVSS 7.5 · SEVD-2022-102-02 · Apr 12, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in Modicon M340 Controller and Communication Modules allows a remote attacker to cause denial of service to Ethernet communication. By sending crafted packets to port 161/UDP, an attacker can cause the affected device to stop responding, potentially interrupting controller availability and process communication. Affected products include Modicon M340 CPUs (BMXP34*), X80 Ethernet Communication modules (BMXNOE0100 (H), BMXNOE0110 (H)), and the BMXNOR0200H Ethernet Serial RTU module.

What this means
What could happen
An attacker with network access can send malicious packets to port 161/UDP that cause the Modicon M340 controller or communication modules to stop responding, interrupting Ethernet communication and potentially disrupting process control or data collection.
Who's at risk
Energy sector operators, particularly those running Modicon M340 controllers and X80 Ethernet communication modules in process automation and industrial control systems. This affects sites using these controllers for SCADA, process control, or remote monitoring over Ethernet networks.
How it could be exploited
An attacker sends a crafted UDP packet to port 161 (SNMP) on the Modicon M340 controller or communication module. The device fails to properly validate the packet, resulting in a denial of service where Ethernet communication becomes unavailable.
Prerequisites
  • Network access to port 161/UDP on the Modicon M340 controller or communication module
  • No authentication required
  • remotely exploitable
  • no authentication required
  • low complexity
  • affects availability of control system communication
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (4)
4 with fix
Product | Affected Versions | Fix Status
Modicon M340 CPUs BMXP34* | <3.50 | 3.50
Modicon M340 X80 Ethernet Communication modules BMXNOE0100 (H) | <SV03.50 | SV03.50
Modicon M340 X80 Ethernet Communication modules 1.7 IR24 | 1.7 IR24 | <1.7 IR24
Modicon M340 X80 Ethernet Communication modules BMXNOE0110 (H) | <SV06.70 | SV06.70
Remediation & Mitigation
Do now
WORKAROUND: Implement network segmentation and firewall rules to block all unauthorized access to port 161/UDP on affected devices
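
One way to check that the 161/UDP restriction is holding, as an added example rather than part of the advisory: the script scans a flow export for SNMP traffic that reaches the controller network from sources outside an allowlist. The subnets, the manager address, the CSV column layout and the sample flows are constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumed addressing (hypothetical): replace with the site's own plan.
PLC_NETS = [ipaddress.ip_network("10.20.0.0/24")]        # M340 CPUs and Ethernet modules
SNMP_MANAGERS = [ipaddress.ip_network("10.10.5.10/32")]  # authorised SNMP manager hosts

# Constructed sample flow export: time, source, destination, protocol, destination port.
SAMPLE_FLOWS = """ts,src,dst,proto,dport
2022-04-12T08:00:01Z,10.10.5.10,10.20.0.11,udp,161
2022-04-12T08:00:07Z,10.30.7.44,10.20.0.11,udp,161
2022-04-12T08:00:09Z,10.30.7.44,10.20.0.11,tcp,502
2022-04-12T08:01:15Z,192.0.2.80,10.20.0.12,UDP,161
2022-04-12T08:01:20Z,10.30.7.44,10.40.0.5,udp,161
2022-04-12T08:02:00Z,not-an-ip,10.20.0.11,udp,161
"""

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def unauthorized_snmp(flow_csv, plc_nets=PLC_NETS, managers=SNMP_MANAGERS):
    """Return (findings, rejects): flows reaching 161/UDP on a PLC network from a
    source outside the manager allowlist, and rows that could not be parsed."""
    findings, rejects = [], []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
            proto = row["proto"].lower()
        except (ValueError, KeyError, TypeError, AttributeError):
            rejects.append(row)  # keep malformed rows visible instead of dropping them
            continue
        if proto != "udp" or dport != 161:
            continue  # only SNMP's UDP port is relevant to this advisory
        if _in_any(dst, plc_nets) and not _in_any(src, managers):
            findings.append((row["ts"], str(src), str(dst)))
    return findings, rejects

if __name__ == "__main__":
    hits, bad = unauthorized_snmp(SAMPLE_FLOWS)
    for ts, src, dst in hits:
        print(f"{ts} unauthorized 161/UDP {src} -> {dst}")
    print(f"{len(bad)} unparsable row(s)")
```

Any finding after the firewall rules are in place means a path to 161/UDP is still open from that source.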
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Modicon M340 CPUs (BMXP34*) to firmware version 3.50 or later
HOTFIX: Upgrade BMXNOE0100 (H) Ethernet Communication module to firmware version SV03.50 or later
HOTFIX: Upgrade BMXNOE0110 (H) Ethernet Communication module to firmware version SV06.70 or later
HOTFIX: Upgrade BMXNOR0200H Ethernet Serial RTU module to firmware version 1.7 IR24 or later
Long-term hardening
HARDENING: Configure Access Control Lists on the Modicon M340 modules following the Modicon M340 for Ethernet Communications Modules and Processors User Manual (chapter Messaging Configuration Parameters)
HARDENING: Establish a VPN tunnel between the Modicon PLC modules and the EcoStruxure Control Expert engineering workstation to protect remote management traffic