OTPulse
FeedAboutContact

Modicon PAC Controllers

Plan Patch7.5SEVD-2022-221-04Aug 9, 2022
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Schneider Electric Modicon PAC Controllers contain a vulnerability that allows unauthorized read access to controller memory. This could expose sensitive information including application password hashes and project data to an attacker. Affected products include Modicon M340, M580, MC80, MOMENTUM, and legacy Quantum controllers.

What this means
What could happen
An attacker could read memory from your Modicon controller and steal sensitive data like password hashes and control logic, potentially enabling further attacks on your automation system.
Who's at risk
Energy and manufacturing organizations using Schneider Electric Modicon PAC Controllers for process automation, including Modicon M340, M580, M580 Safety, MC80, MOMENTUM, and legacy Quantum CPU models used in power distribution, water treatment, chemical processing, and discrete manufacturing.
How it could be exploited
An attacker with network access to the controller can read memory contents without authentication, extracting stored credentials and project configuration data that could be used to compromise system security or operations.
Prerequisites
  • Network access to the Modicon controller (typically port 502 or port 44818 for Ethernet)
  • No credentials required
  • Default controller network connectivity enabled
Remotely exploitableNo authentication requiredLow complexity attackExposes sensitive credentialsAffects safety-rated controllers
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (6)
5 with fix1 pending
ProductAffected VersionsFix Status
Modicon M340 CPU≤ 3.303.40
Modicon M580 CPU≤ 3.224.10
Modicon MC80≤ 1.61.70
Modicon MOMENTUM CPU≤ 2.3SV2.4
Legacy Modicon Quantum all versionsAll versionsNo fix yet
Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)<SV4.21SV4.21
Remediation & Mitigation
0/6
Do now
0/1
HARDENINGFor Modicon Quantum controllers where no fix is available, implement network segmentation and firewall rules to restrict unauthenticated network access to controllers
Schedule — requires maintenance window
0/5

Patching may require device reboot — plan for process interruption

Modicon M340 CPU
HOTFIXUpdate Modicon M340 CPU to firmware version 3.40 or later
Modicon M580 CPU
HOTFIXUpdate Modicon M580 CPU to firmware version 4.10 or later (updated guidance: 4.02 or later per September 2022 advisory)
HOTFIXUpdate Modicon M580 CPU Safety (BMEP58*S and BMEH58*S) to firmware version SV4.21 or later; requires EcoStruxure Control Expert V16.0 HF001 or later
Modicon MC80
HOTFIXUpdate Modicon MC80 to firmware version 1.70 or later
Modicon MOMENTUM CPU
HOTFIXUpdate Modicon MOMENTUM CPU to firmware version SV2.4 or later
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/cbc3e71d-26a9-4ed6-9188-700a4ced3e2f
Modicon PAC Controllers | CVSS 7.5 - OTPulse