OTPulse

Modicon Controllers M340 / Momentum / MC80

Plan Patch | 8.1 | SEVD-2024-317-03 | Nov 12, 2024
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Schneider Electric Modicon Controllers M340, Momentum (171CBU*), and MC80 contain multiple vulnerabilities related to improper input validation (CWE-20) and buffer handling (CWE-119). These vulnerabilities could allow unauthorized access to the controller, potentially resulting in denial of service and loss of confidentiality and integrity.

What this means
What could happen
An attacker could gain unauthorized access to these controllers and disrupt industrial operations through denial of service or alter the integrity of control logic and process data. This affects energy generation/distribution and manufacturing process automation.
Who's at risk
Energy utilities and manufacturing facilities operating Modicon M340, MC80, or Momentum controllers for process automation and monitoring. These controllers are commonly used in SCADA systems, PLC networks, and critical infrastructure. Any organization using these Schneider Electric PAC controllers for industrial operations should prioritize remediation.
How it could be exploited
An attacker with network access to the controller could send crafted input that exploits improper validation or buffer handling, allowing them to execute arbitrary code or disrupt the controller's operation, potentially stopping processes or altering setpoints.
Prerequisites
  • Network access to the controller (likely Modbus TCP or Ethernet port 502 or management port)
  • Remotely exploitable via network
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
Modicon M340 CPU Controller (part numbers BMXP34*) | < SV3.65 | SV3.65
Modicon MC80 Controller (part numbers BMKC80) | < SV2.1 | SV2.1
Modicon Momentum Unity M1E Processor Controller (171CBU*) | < SV2.80 | SV2.80
Remediation & Mitigation

  • Version SV3.65 of Modicon M340 firmware includes a fix for these vulnerabilities and is available for download here: https://www.se.com/ww/en/product-range/1468-modicon-m340
  • Version SV2.80 of Modicon Momentum firmware includes a fix for these vulnerabilities and is available for download here: https://www.se.com/ww/en/product-range/535-modicon-momentum
  • Version SV2.1 of Modicon MC80 firmware includes a fix for these vulnerabilities and is available for download here: https://www.se.com/ww/en/product-range/62396-modicon-mc80
