Modicon M340 Controller and Communication Modules

Plan Patch7.5SEVD-2025-224-05Aug 12, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric Modicon M340 controllers and several communication modules contain a flaw in packet validation that allows denial-of-service attacks. The following products are affected: Modicon M340 (all versions, no fix planned), Ethernet/Serial RTU Module (all versions, no fix planned), M580 Global Data module (all versions, no fix planned), M340 X80 Ethernet Communication modules (all versions, no fix planned), Modbus/TCP Ethernet Modicon M340 module (versions below 3.60), and Modbus/TCP Ethernet Modicon M340 FactoryCast module (versions below 6.80). An unauthenticated attacker with network access can send malformed packets that cause the affected devices to become unresponsive, preventing normal operations until manual reboot.

What this means

What could happen

A network attacker can send malformed network packets to Modicon M340 controllers or communication modules, causing them to become unresponsive and halting industrial processes until the device is rebooted.

Who's at risk

Water utilities and electric utilities operating Schneider Electric Modicon M340 programmable automation controllers (PACs) and their communication modules. This affects any M340-based control system with Ethernet communication modules used for remote monitoring and process control via Modbus/TCP.

How it could be exploited

An attacker with network access to a Modicon M340 controller or communication module can send specially crafted packets to port 502 (Modbus/TCP) or other Ethernet interfaces. The controller fails to properly validate the packet structure, triggering a denial-of-service condition that stops the device from processing normal operations.

Prerequisites

Network access to the Modicon M340 or communication module on port 502 (Modbus/TCP) or Ethernet management interface
Device must be connected to a network reachable by the attacker

remotely exploitableno authentication requiredlow complexityaffects process availability and safety systemsmultiple products have no fix available

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (6)

2 with fix4 EOL

ProductAffected VersionsFix Status

Modbus/TCP Ethernet Modicon M340 module<3.603.60

Modbus/TCP Ethernet Modicon M340 FactoryCast module<6.806.80

Ethernet / Serial RTU Module All versionsAll versionsNo fix (EOL)

M580 Global Data module All versionsAll versionsNo fix (EOL)

Modicon M340 All versionsAll versionsNo fix (EOL)

Modicon M340 X80 Ethernet Communication modules All versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGImplement network segmentation or firewall rules to restrict access to Modicon M340 Modbus/TCP port (502) and Ethernet interfaces to only authorized engineering and SCADA networks

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

Modbus/TCP Ethernet Modicon M340 module

HOTFIXUpdate Modbus/TCP Ethernet Modicon M340 module (BMXNOE0100) firmware to version 3.60 or later

Modbus/TCP Ethernet Modicon M340 FactoryCast module

HOTFIXUpdate Modbus/TCP Ethernet Modicon M340 FactoryCast module (BMXNOE0110) firmware to version 6.80 or later

All products

HOTFIXPlan maintenance windows for firmware updates on M340 controllers and modules, as reboot is required to complete the upgrade

CVEs (1)

CVE-2025-6625

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/20f9b3a5-8375-40bb-8a21-1098665414c3