Web Server on Modicon M340, Modbus/TCP Ethernet Modicon M340 module, Modbus/TCP Ethernet Modicon M340 FactoryCast module and Ethernet / Serial RTU communication modules
Plan Patch8.6SEVD-2025-014-05Jan 14, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
A vulnerability exists in the web server on Modicon M340 programmable automation controllers and their associated network communication modules (BMXNOE0100, BMXNOE0110, BMXNOR0200H). The web server on these devices fails to properly validate or sanitize web requests, allowing an attacker to disclose sensitive information from web pages, modify web page content, or trigger denial of service conditions. This could render the controller or its communication modules unavailable, interrupting control operations.
What this means
What could happen
An attacker with network access to the controller's web server could read sensitive operating parameters, modify setpoints or configuration displayed on the web interface, or crash the web service—potentially interrupting remote monitoring and control of critical infrastructure operations.
Who's at risk
Electric utilities, water authorities, and industrial manufacturing facilities operating Schneider Electric Modicon M340 automation controllers with integrated or attached network modules (BMXNOE0100 Modbus/TCP module, BMXNOE0110 FactoryCast module, or BMXNOR0200H Ethernet/Serial RTU module). Anyone monitoring or configuring these controllers via their web interface is affected.
How it could be exploited
An attacker sends a specially crafted HTTP request to the web server on the Modicon M340 or one of its network modules. Because the web server does not properly validate or sanitize the request, the attacker can extract sensitive data, alter web-based configuration pages, or exhaust resources causing the web service to become unavailable. No authentication is required.
Prerequisites
- Network access (TCP/IP) to the web server port on the Modicon M340 controller or its communication module (typically HTTP port 80 or 443)
- Web server must be enabled on the target device (default configuration may vary)
Remotely exploitableNo authentication requiredLow complexity attackHigh CVSS score (8.6)Can cause denial of service and information disclosureAffects critical infrastructure control devices
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (4)
3 with fix1 EOL
ProductAffected VersionsFix Status
Modbus/TCP Ethernet Modicon M340 module<SV3.60SV3.60
Modbus/TCP Ethernet Modicon M340 FactoryCast module<SV6.80SV6.80
Ethernet / Serial RTU module<SV1.70IR26SV1.70IR26
Modicon M340 processors All versionsAll versionsNo fix (EOL)
Remediation & Mitigation
0/6
Do now
0/2WORKAROUNDRestrict network access to the web server port on Modicon M340 controllers and communication modules using firewall rules; limit to authorized engineering and monitoring workstations only
HARDENINGIf the web server is not required for operations, disable it entirely on affected devices
Schedule — requires maintenance window
0/3Patching may require device reboot — plan for process interruption
Modbus/TCP Ethernet Modicon M340 module
HOTFIXUpdate Modbus/TCP Ethernet Modicon M340 module (BMXNOE0100) to firmware version SV3.60 or later
Modbus/TCP Ethernet Modicon M340 FactoryCast module
HOTFIXUpdate Modbus/TCP Ethernet Modicon M340 FactoryCast module (BMXNOE0110) to firmware version SV6.80 or later
All products
HOTFIXUpdate Ethernet/Serial RTU communication module (BMXNOR0200H) to firmware version SV1.70IR26 or later
Mitigations - no patch available
0/1Modicon M340 processors All versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement network segmentation to isolate automation controllers from untrusted networks using a demilitarized zone (DMZ) or separate VLAN
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/94990d6c-754f-46c5-b558-0a9b59e60abf