EcoStruxure™ Control Expert, EcoStruxure™ Process Expert and Modicon PLCs (Programmable Logic Controllers) and PACs (Programmable Automation Controllers)

Plan Patch7.5SEVD-2023-010-05Jan 10, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionRequired

Summary

Schneider Electric has disclosed multiple vulnerabilities in EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon PLCs/PACs that allow unauthorized access without authentication. Successful exploitation could result in denial of service and loss of confidentiality and integrity of the controller. The vulnerability requires specific network conditions (high attack complexity) but no valid credentials to trigger. Modicon M340, M580, M580 Safety, Momentum Unity M1E, and MC80 have firmware fixes available. Legacy Modicon Quantum and Premium CPUs have no fix planned and remain vulnerable in all versions. EcoStruxure Process Expert has no fix available for any version.

What this means

What could happen

An attacker could gain unauthorized access to a Modicon PLC or PAC, potentially allowing them to modify control logic, alter process setpoints, or stop critical industrial operations. This affects the confidentiality, integrity, and availability of automated processes in power plants, water systems, and manufacturing facilities.

Who's at risk

Organizations operating Modicon PLCs and PACs in energy, power generation, water treatment, and manufacturing are affected. Specifically: water authorities using Modicon M340, M580, or MC80 controllers; electrical utilities with Modicon PACs; manufacturing plants using EcoStruxure Control Expert or Process Expert for automation. Legacy systems (Quantum and Premium CPUs) have no vendor patch available.

How it could be exploited

An attacker on the network can send specially crafted requests to the PLC or PAC without valid credentials. The vulnerability requires high attack complexity (network-specific conditions), but once exploited allows the attacker to execute commands with controller privileges. Legacy systems (Quantum and Premium CPUs) have no patch available and remain vulnerable indefinitely.

Prerequisites

Network access to the PLC/PAC management interface or control port
Specific network conditions that increase attack complexity (e.g., timing or state-dependent exploitation)
No valid credentials required
System must not have compensating network controls in place (firewall restrictions, network segmentation)

remotely exploitableno authentication requiredhigh complexity attackno patch available for legacy Quantum and Premium CPUsaffects safety systems in M580 Safety variant

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (9)

6 with fix1 pending2 EOL

ProductAffected VersionsFix Status

EcoStruxure™ Control Expert≤ 15.215.3

EcoStruxure™ Process Expert All VersionsAll versionsNo fix yet

Modicon M340 CPU<SV3.51SV3.51

Modicon M580 CPU≤ SV4.104.10

Modicon M580 CPU Safety (BMEP58*S and BMEH58*S)<SV4.21SV4.21

Modicon Momentum Unity M1E Processor<SV2.62.6

Legacy Modicon Premium CPUs all versionsAll versionsNo fix (EOL)

Modicon MC80<SV1.90SV1.90

Remediation & Mitigation

0/8

Do now

0/1

HARDENINGFor legacy Modicon Quantum and Premium CPUs: implement network segmentation and firewall rules to restrict access to these controllers to authorized engineering workstations and control networks only

Schedule — requires maintenance window

0/6

Patching may require device reboot — plan for process interruption

Modicon M340 CPU

HOTFIXUpdate Modicon M340 CPU to firmware SV3.51 or later

Modicon M580 CPU

HOTFIXUpdate Modicon M580 CPU to firmware SV4.10 or later

HOTFIXUpdate Modicon M580 CPU Safety (BMEP58*S and BMEH58*S) to firmware SV4.21 or later; ensure EcoStruxure Control Expert is updated to v16.0 HF001 minimum for compatibility

Modicon Momentum Unity M1E Processor

HOTFIXUpdate Modicon Momentum Unity M1E Processor to firmware SV2.6 or later

Modicon MC80

HOTFIXUpdate Modicon MC80 to firmware SV1.90 or later

All products

HOTFIXUpdate EcoStruxure Control Expert to version 15.3 or later

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: Legacy Modicon Premium CPUs all versions, Legacy Modicon Quantum CPUs all versions. Apply the following compensating controls:

HARDENINGMonitor PLC access logs for unauthorized connection attempts

CVEs (1)

CVE-2022-45788

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b3b3c14d-40bb-4935-8055-b4779467489b