Modicon Controllers M340 / Momentum / MC80

Monitor7.5SEVD-2024-317-02Nov 12, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionRequired

Summary

Schneider Electric has identified multiple vulnerabilities in Modicon M340, MC80, and Momentum M1E controllers. These programmable automation controllers (PACs) manage and monitor industrial operations across energy and manufacturing sectors. The vulnerabilities could allow unauthorized access to the controllers, potentially resulting in denial of service or loss of confidentiality and integrity. No vendor patches are available for any affected product version. Mitigation relies entirely on defensive network and physical controls.

What this means

What could happen

An attacker with network access to a Modicon controller could execute unauthorized commands or modify control logic, potentially disrupting industrial operations and causing loss of system integrity or availability.

Who's at risk

Energy utilities and manufacturing facilities that operate Schneider Electric Modicon PAC controllers (M340, MC80, Momentum M1E) should take immediate action. These controllers typically manage critical industrial processes such as power distribution, pump operations, or production lines. Any interruption or unauthorized modification could disrupt essential services.

How it could be exploited

An attacker must reach the Modicon controller over the network and interact with it in a way that requires the controller user to take some action (such as clicking a link or accepting a prompt). Once successful, the attacker could run arbitrary commands on the controller to alter setpoints, disable safety interlocks, or cause a denial of service.

Prerequisites

Network access to the Modicon controller (not directly from Internet, but from an adjacent network)
User interaction required (victim must click or approve something)
No credentials or authentication bypass needed

remotely exploitableno authentication requiredaffects critical industrial control systemsno patch availableuser interaction required (reduces immediate risk but still exploitable)

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (4)

3 pending1 EOL

ProductAffected VersionsFix Status

Modicon Momentum Unity M1E Processor (171CBU*) All VersionAll versionsNo fix (EOL)

Modicon M340 CPU (part numbers BMXP34*) All VersionAll versionsNo fix yet

Modicon MC80 (part numbers BMKC80) All VersionAll versionsNo fix yet

Modicon M340 CPU (part numbers BMXP34*) All≥ SV3.60No fix yet

Remediation & Mitigation

0/8

Do now

0/5

HARDENINGPlace controllers in locked cabinets and never leave them in Program mode

HARDENINGEnforce physical access controls to prevent unauthorized personnel from accessing controllers and peripherals

WORKAROUNDNever connect programming software to networks other than the intended control network

WORKAROUNDScan all mobile data exchange media (USB drives, CDs) for malware before use on isolated networks

WORKAROUNDPrevent mobile devices that have connected to other networks from accessing control networks without proper security checks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGMinimize network exposure by ensuring controllers are not accessible from the Internet

HARDENINGWhen remote access is required, use Virtual Private Networks (VPNs) and keep VPN software updated to the latest version

Mitigations - no patch available

0/1

Modicon Momentum Unity M1E Processor (171CBU*) All Version has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGIsolate control system networks behind firewalls and separate from business networks

CVEs (2)

CVE-2024-8933 CVE-2024-8935

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/692842ec-f1f8-406e-a09b-338c7c82ed0d