Modicon PLCs (Programmable Logic Controllers) and PACs (Programmable Automation Controllers)
Plan Patch7.5SEVD-2023-101-05Apr 11, 2023
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Schneider Electric has identified multiple denial of service vulnerabilities in Modicon PLCs and PACs (M340, M580, M580 Safety, Momentum Unity M1E, MC80, Premium, and Quantum CPUs) that can cause the controller CPU to stop processing control logic. The vulnerability is triggered by sending a specially crafted request to the controller and requires no authentication. Exploitation would halt all automation and process control operations until the device is manually recovered. Several legacy product lines (Premium and Quantum) have no firmware patch available from the vendor.
What this means
What could happen
A denial of service attack could stop the Modicon PLC/PAC from executing control logic, disrupting operations at power plants, water treatment facilities, or manufacturing lines that depend on these controllers to maintain safety and process continuity.
Who's at risk
Organizations operating Schneider Modicon PLCs and PACs in energy generation, power distribution, water treatment, manufacturing, and other critical infrastructure. Specifically affects water utilities and electric utilities running M340, M580, M580 Safety, Momentum Unity M1E, MC80, Premium, or Quantum CPU modules.
How it could be exploited
An attacker with network access to the PLC's communication port (typically Ethernet or serial) could send a specially crafted request that causes the CPU to stop responding or restart, halting the execution of all automation logic and process control until the device is manually recovered.
Prerequisites
- Network access to the Modicon PLC communication port (port 502 for Modbus TCP or equivalent serial access)
- No authentication required to send the malicious request
remotely exploitableno authentication requiredlow complexityaffects critical control operationslegacy versions have no patch available
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (7)
5 with fix2 EOL
ProductAffected VersionsFix Status
Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)< SV4.21SV4.21
Modicon Momentum Unity M1E Processor all<sv2.70SV2.70
Modicon M340 CPU< SV3.51SV3.51
Modicon M580 CPU<4.10SV4.10
Modicon MC80<SV2.0SV2.0
Legacy Modicon Premium CPUs all versionsAll versionsNo fix (EOL)
Legacy Modicon Quantum all versionsAll versionsNo fix (EOL)
Remediation & Mitigation
0/6
Do now
0/1WORKAROUNDImplement network segmentation or firewall rules to restrict network access to Modicon M340, M580, MC80, Premium, and Quantum CPUs to only authorized engineering and control network segments
Schedule — requires maintenance window
0/5Patching may require device reboot — plan for process interruption
Modicon M340 CPU
HOTFIXUpdate Modicon M340 CPU to firmware version SV3.51 or later
Modicon M580 CPU
HOTFIXUpdate Modicon M580 CPU to firmware version SV4.10 or later
HOTFIXUpdate Modicon M580 CPU Safety (BMEP58*S and BMEH58*S) to firmware version SV4.21 or later, and install EcoStruxure Control Expert V16.0 HF001 minimum on engineering workstations
Modicon MC80
HOTFIXUpdate Modicon MC80 to firmware version SV2.0 or later
All products
HOTFIXUpdate Modicon Momentum Unity M1E Processor to firmware version SV2.70 or later
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/200da5e1-8da9-4c07-a3eb-6ae52de92750