Schneider Electric Warns of Critical Modicon Flaws
Multiple Critical Vulnerabilities Expose Industrial Control Risks

French multinational Schneider Electric disclosed critical vulnerabilities in its Modicon M340, Momentum and MC80 programmable automation controllers, putting industries relying on these controllers at risk.
The vulnerabilities could allow unauthorized access, data manipulation and system interruptions, Schneider said in a security notification.
Modicon M340, Momentum and MC80 controllers are widely used across various industrial sectors, including manufacturing, energy and critical infrastructure. They enable precise control and monitoring of complex processes, helping companies automate workflows. The identified flaws could leave these systems susceptible to denial-of-service attacks and could be exploited for arbitrary code execution.
Schneider Electric issued the alert on Tuesday, urging affected users to apply firmware updates or implement network mitigations to safeguard systems.
Here are the vulnerabilities addressed:
- CVE-2024-8936: This vulnerability results from improper input validation in the Modicon controllers. Attackers could exploit it through a man-in-the-middle (MITM) attack, intercepting and modifying communications on the Modbus protocol to manipulate the controller's memory. A successful exploit could lead to unauthorized access to sensitive memory areas, compromising the confidentiality of data stored within the controller. This vulnerability has a CVSS score of 8.3.
- CVE-2024-8937: This vulnerability is linked to improper memory buffer restrictions in the Modicon controllers. During a MITM attack, an attacker could send maliciously crafted Modbus function calls to the controller, targeting the memory buffer involved in the authentication process. This could allow attackers to execute arbitrary code on the device, potentially taking control of it. CVE-2024-8937 is classified as high-risk with a CVSS score of 9.2.
- CVE-2024-8938: Similar to CVE-2024-8937, this vulnerability stems from inadequate memory buffer restrictions. Attackers can exploit this through a MITM attack by sending crafted Modbus commands that alter the memory areas responsible for computing the controller's memory size. This could lead to arbitrary code execution, allowing attackers to manipulate the controller's operations or cause system instability. It has a score of 9.2 on the CVSS scale.
The advisory details Schneider Electric's recommendations to mitigate risks, including applying firmware version SV3.65 for the Modicon M340 controllers and setting up network segmentation.
The company also suggests implementing firewalls and access control lists to restrict unauthorized access to the Modbus port. For the Momentum and MC80 controllers, Schneider is working on a remediation plan but advised immediate mitigation measures, such as using VPN connections and following user manual security guidelines.
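The access-control mitigation described above can be expressed as a check applied to each Modbus/TCP request at the controller's network boundary. The following is an added example, not code from Schneider Electric or its advisory; port 502 is the standard Modbus/TCP port, while the allowed subnet, the read-only function-code policy and the sample frames are assumptions constructed for illustration. It goes slightly beyond a source-address ACL by also rejecting frames whose header fields are inconsistent.

```python
import ipaddress
import struct

MODBUS_TCP_PORT = 502   # standard Modbus/TCP port
MAX_ADU = 260           # 7-byte MBAP header + 253-byte PDU maximum
# Assumed site policy (hypothetical values): one engineering subnet, read-only functions.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]
ALLOWED_FUNCTIONS = {0x01, 0x02, 0x03, 0x04}

def check_frame(src_ip, dst_port, adu):
    """Return (allowed, reason) for one request seen at the controller's network boundary."""
    if dst_port != MODBUS_TCP_PORT:
        return True, "not modbus"
    if not any(ipaddress.ip_address(src_ip) in net for net in ALLOWED_SOURCES):
        return False, "source not in ACL"
    if not 8 <= len(adu) <= MAX_ADU:
        return False, "bad frame size"
    # MBAP header: transaction id, protocol id, length, unit id; then the function code.
    _tid, proto, length, _unit, func = struct.unpack(">HHHBB", adu[:8])
    if proto != 0:
        return False, "bad protocol id"
    if length != len(adu) - 6:   # length counts the unit id and everything after it
        return False, "length field mismatch"
    if func not in ALLOWED_FUNCTIONS:
        return False, "function code not allowed"
    return True, "ok"

# Constructed sample traffic: (source IP, destination port, raw frame bytes).
SAMPLE = [
    ("10.20.0.5", 502, bytes.fromhex("00010000000601030000000a")),  # valid read
    ("192.0.2.9", 502, bytes.fromhex("00010000000601030000000a")),  # outside ACL
    ("10.20.0.5", 502, bytes.fromhex("00020000004001030000000a")),  # length lies
    ("10.20.0.5", 502, bytes.fromhex("00030000000601100000000a")),  # write function
]

def audit(flows):
    """Return the denied flows with the reason each one was rejected."""
    return [(src, reason) for src, port, adu in flows
            for ok, reason in [check_frame(src, port, adu)] if not ok]

if __name__ == "__main__":
    for src, reason in audit(SAMPLE):
        print(f"DENY {src}: {reason}")
```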