OTPulse

Modicon Controllers M241 / M251, M258 / LMC058 and M262

Monitor · 5.4 · SEVD-2024-191-04 · Jul 9, 2024
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: Required

Summary

A Cross-Site Scripting (XSS) or open redirect vulnerability exists in Modicon Controllers M241, M251, M258, M262, and Motion Controller LMC058. The vulnerability could allow an attacker to execute code in a user's browser or redirect users to malicious sites, potentially leading to account takeover. An authenticated user with access to the web interface must interact with a malicious link for the vulnerability to be exploited.

What this means
What could happen
An attacker could trick an engineering workstation operator into clicking a malicious link, allowing the attacker to steal credentials or take over their engineering session. This could enable unauthorized changes to PLC logic, process setpoints, or machine safety configurations.
Who's at risk
Manufacturing and machine automation facilities using Schneider Electric Modicon Controllers (M241, M251, M258, M262) and the LMC058 Motion Controller for production line control, assembly machines, or other performance-critical automation tasks.
How it could be exploited
An attacker crafts a malicious link containing an XSS payload or an open redirect URL and tricks an engineering workstation operator into clicking it. The operator's browser executes the attacker's code or is redirected to a phishing site while they are logged into the Modicon controller's web interface. The attacker can then capture credentials or modify session state to alter machine logic or safety parameters.
Prerequisites
  • Network access to the controller's web interface
  • Valid engineering workstation credentials or access to a logged-in user session
  • The operator must click a malicious link sent by the attacker
  • User interaction required (the operator must interact with the malicious content)
Tags: user interaction required · low EPSS score (0.6%) · requires valid credentials · affects engineering/control logic
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (5)
5 with fix
Product | Affected Versions | Fix Status
Modicon Controllers M241 | <5.2.11.24 | 5.2.11.24
Modicon Controllers M258 | <5.0.4.19 | 5.0.4.19
Modicon Controllers M262 | <5.2.8.26 | 5.2.8.26
Modicon Controllers M251 | <5.2.11.24 | 5.2.11.24
Modicon Controllers LMC058 | <5.0.4.19 | 5.0.4.19
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the PLC web interface to authorized engineering workstations only using firewall rules or network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Modicon Controller M241 firmware to version 5.2.11.24 or later (delivered with EcoStruxure Machine Expert v2.2.2) using the SESU application and perform a controller reboot
HOTFIX: Update Modicon Controller M251 firmware to version 5.2.11.24 or later (delivered with EcoStruxure Machine Expert v2.2.2) using the SESU application and perform a controller reboot
HOTFIX: Update Modicon Controller M262 firmware to version 5.2.8.26 or later (delivered with EcoStruxure Machine Expert v2.2.2) using the SESU application and perform a controller reboot
HOTFIX: Update Modicon Controller M258 firmware to version 5.0.4.19 or later using Controller Assistant from EcoStruxure Machine Expert and perform a controller reboot
HOTFIX: Update Modicon Motion Controller LMC058 firmware to version 5.0.4.19 or later using Controller Assistant from EcoStruxure Machine Expert and perform a controller reboot
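
Added example (not part of the advisory or of any Schneider Electric tooling): a Python triage of a controller inventory against the fixed firmware versions listed above, comparing version fields numerically because a plain string comparison would rank 5.2.9.30 above 5.2.11.24. The CSV layout, asset names and sample firmware values are constructed assumptions.

```python
# Added example: triage an inventory against this advisory's fixed firmware versions.
import csv
import io

# Minimum fixed firmware per model, taken from the advisory's product table.
FIXED = {
    "M241": "5.2.11.24",
    "M251": "5.2.11.24",
    "M258": "5.0.4.19",
    "M262": "5.2.8.26",
    "LMC058": "5.0.4.19",
}

def parse_version(text):
    """Turn '5.2.11.24' into (5, 2, 11, 24) so fields compare numerically."""
    parts = text.strip().lstrip("vV").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Return (asset, model, firmware, status) rows for a CSV inventory."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row["model"].strip().upper()
        firmware = row["firmware"].strip()
        if model not in FIXED:
            status = "not-in-advisory"
        else:
            try:
                current = parse_version(firmware)
                status = "fixed" if current >= parse_version(FIXED[model]) else "vulnerable"
            except ValueError:
                status = "unknown-version"  # flag for manual check, never assume fixed
        results.append((row["asset"], model, firmware, status))
    return results

# Constructed sample inventory (hypothetical asset names and versions).
SAMPLE = """asset,model,firmware
press-line-1,M241,5.2.11.24
packer-03,M262,5.2.8.9
conveyor-7,m251,5.2.9.30
motion-02,LMC058,
hmi-gw,OTHER-PLC,3.20
"""

if __name__ == "__main__":
    for asset, model, fw, status in triage(SAMPLE):
        print(f"{asset:14} {model:10} {fw or '-':12} {status}")
```

Rows reported as unknown-version have no usable firmware string and need a manual check on the device before they are treated as patched.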