OPC UA and X80 advanced RTU Modicon Communication Modules
Plan Patch | 7.5 | SEVD-2022-193-01 | Jul 12, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities exist in Schneider Electric BMENUA0100 (OPC UA Modicon Communication Module) and BMENOR2200H (X80 advanced RTU Communication Module) for the M580 PLC. These vulnerabilities can lead to denial of service of the webserver and bypass of the secure boot process, potentially allowing unauthorized firmware execution. BMENUA0100 versions ≤1.10 and BMENOR2200H versions 1.0 and 2.01 are affected.
What this means
What could happen
An attacker could crash the webserver on these Ethernet communication modules (causing denial of service) or bypass secure boot protections and load unauthorized firmware, potentially altering control logic or disabling safety functions on the M580 PLC.
Who's at risk
Operators of Schneider Electric M580 PLC systems using OPC UA (BMENUA0100) or X80 advanced RTU (BMENOR2200H) Ethernet communication modules should be concerned. These are network-connected modules used for SCADA communication and RTU protocol exchanges in energy and critical infrastructure environments. Any facility using these modules for real-time process control is at risk.
How it could be exploited
An attacker with network access to the module could send malformed packets to the webserver on port 502/TCP to trigger a denial-of-service condition, or exploit the secure boot bypass to load and run custom firmware without authentication. The module does not require valid credentials for the initial exploit.
Prerequisites
- Network access to port 502/TCP on the affected communication module
- Module must be reachable from the attacker's network (direct or via compromised internal host)
Tags: remotely exploitable, no authentication required, low complexity, denial of service impact, secure boot bypass possible, affects communication modules that control M580 PLC
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
OPC UA Modicon Communication Module (BMENUA0100) | ≤ 1.10 | 2.01
X80 advanced RTU Communication Module (BMENOR2200H) 1.0 | 1.0 | 3.02.02
X80 advanced RTU Communication Module (BMENOR2200H) 2.01 | 2.01 | 3.02.02
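The version table above can be applied to a module inventory mechanically. The following Python is an added example, not code from this page or from Schneider Electric; the inventory rows, asset names, and the REVIEW status (for versions older than the fixed release that the advisory does not list) are assumptions made here.

```python
# Added example: triage a module inventory against this advisory's version table.
# Asset names and inventory rows are constructed sample data.

def parse_version(text):
    """Turn '3.02.02' into (3, 2, 2); pad to three fields so '1.0' == '1.0.0'."""
    parts = [int(p) for p in text.strip().lstrip("vV").split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

# Rules transcribed from the affected-products table on this page.
ADVISORY = {
    "BMENUA0100": {"fixed": "2.01", "affected": lambda v: v <= parse_version("1.10")},
    "BMENOR2200H": {"fixed": "3.02.02",
                    "affected": lambda v: v in {parse_version("1.0"), parse_version("2.01")}},
}

def triage(model, firmware):
    """Return (status, fixed_version) for one module.

    REVIEW (an assumption of this example) means: older than the fixed release
    but not a version the advisory lists, so not provably safe from this page.
    """
    rule = ADVISORY.get(model.strip().upper())
    if rule is None:
        return ("NOT_COVERED", None)
    try:
        version = parse_version(firmware)
    except ValueError:
        return ("UNPARSEABLE", rule["fixed"])
    if rule["affected"](version):
        return ("AFFECTED", rule["fixed"])
    if version >= parse_version(rule["fixed"]):
        return ("FIXED", rule["fixed"])
    return ("REVIEW", rule["fixed"])

# Constructed inventory: (asset name, module model, reported firmware).
INVENTORY = [
    ("plc-a-slot3", "BMENUA0100", "1.10"),
    ("plc-b-slot3", "BMENUA0100", "2.01"),
    ("rtu-north", "BMENOR2200H", "2.01"),
    ("rtu-south", "BMENOR2200H", "3.01"),
    ("rtu-east", "BMENOR2200H", "unknown"),
]

def report(inventory=INVENTORY):
    return [(name, model, fw) + triage(model, fw) for name, model, fw in inventory]

if __name__ == "__main__":
    for row in report():
        print("{:<12} {:<12} {:<8} {:<12} fix: {}".format(*row))
```

Rows marked REVIEW or UNPARSEABLE need a manual check of the module's firmware against the vendor advisory before they are treated as unaffected.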
Remediation & Mitigation
Do now
X80 advanced RTU Communication Module (BMENOR2200H) 1.0
WORKAROUND: Configure BMENOR2200H to operate in Secured mode and change all default passwords
All products
HARDENING: Implement network segmentation and firewall rules to block all unauthorized access to port 502/TCP on these modules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
OPC UA Modicon Communication Module (BMENUA0100)
HOTFIX: Update BMENUA0100 to firmware version 2.01 or later
X80 advanced RTU Communication Module (BMENOR2200H) 1.0
HOTFIX: Update BMENOR2200H to firmware version 3.02.02 or later
All products
HARDENING: Verify firmware integrity after download using Schneider Electric provided checksums or signatures
Long-term hardening
X80 advanced RTU Communication Module (BMENOR2200H) 1.0
HARDENING: Configure role-based access control and local authentication for BMENOR2200H module users
All products
HARDENING: Use IPsec to secure Ethernet communication to and from the modules
CVEs (7)