Latest Schneider Electric vulnerabilities
Schneider Electric has reported a critical vulnerability in its M580 and Quantum Modicon communications adapters. These adapters are used in industrial control systems to allow communication with industrial control devices via industrial Ethernet.
This vulnerability is rated highly critical, with a CVSS score of 9.8.
The following devices are affected:
- Modicon M580 communication modules BMENOC BMENOC0321, versions prior to SV1.10
- Modicon M580 communication modules BMECRA BMECRA31210, all versions
- Modicon M580/Quantum communication modules BMXCRA BMXCRA31200, all versions
- Modicon M580/Quantum communication modules BMXCRA BMXCRA31210, all versions
- Modicon Quantum communication modules 140CRA 140CRA31908, all versions
- Modicon Quantum communication modules 140CRA 140CRA31200, all versions
What is the impact?
Successfully exploiting this vulnerability would allow an attacker to take complete control of the vulnerable system. This vulnerability can be exploited remotely and without authentication.
Are updates or workarounds available?
Schneider Electric has released an update for the affected BMENOC modules. The BMECRA, BMXCRA, and 140CRA modules do not currently have updates available.
Users are advised to update as quickly as possible for any affected BMENOC modules. Users are also advised to isolate any potentially vulnerable modules from untrusted networks; in particular, UDP ports 67 and 68 should be blocked from unauthorized traffic.
How to find potentially vulnerable Schneider Electric devices with runZero
From the Asset Inventory, use the following query to locate systems running potentially vulnerable firmware:
hw:"Schneider%BMENOC" OR hw:"Schneider%BMXCRA" OR hw:"Schneider%BMECRA" OR hw:"Schneider%140CRA"
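Once the query returns results, each asset needs one of two responses from the advisory above: update (BMENOC prior to SV1.10) or isolate (the CRA modules, which have no update). The following is an added example, not runZero or Schneider Electric code, that sorts assets accordingly. The (model, firmware) row shape, the action names, and the choice to treat unknown firmware as needing an update are assumptions.

```python
import re

# Affected models as listed in the advisory above. The value is the first
# fixed firmware version, or None where all versions are affected (no update).
AFFECTED = {
    "BMENOC0321": (1, 10),
    "BMECRA31210": None,
    "BMXCRA31200": None,
    "BMXCRA31210": None,
    "140CRA31908": None,
    "140CRA31200": None,
}

def parse_sv(text):
    """Turn 'SV1.10' or '1.9' into (1, 10) / (1, 9); None if unparseable."""
    m = re.fullmatch(r"\s*(?:SV)?(\d+(?:\.\d+)*)\s*", text or "", re.IGNORECASE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(model, firmware):
    """Return 'not-listed', 'patched', 'update' or 'isolate' (hypothetical labels)."""
    model = model.strip().upper()
    if model not in AFFECTED:
        return "not-listed"       # not named in this advisory
    fixed_in = AFFECTED[model]
    if fixed_in is None:
        return "isolate"          # no update: keep off untrusted networks, block UDP 67/68
    version = parse_sv(firmware)
    if version is None:
        return "update"           # assumption: unknown firmware predates the fix
    # Compare numerically: as strings, "1.9" would wrongly sort after "1.10".
    return "patched" if version >= fixed_in else "update"

# Constructed sample rows (model, reported firmware); not real scan output.
SAMPLE = [
    ("BMENOC0321", "SV1.9"), ("BMENOC0321", "SV1.10"), ("BMENOC0321", ""),
    ("BMXCRA31210", "SV2.40"), ("140CRA31200", ""), ("EXAMPLE0000", "SV2.0"),
]

def plan(rows):
    """Group assets by the action they need."""
    out = {}
    for model, fw in rows:
        out.setdefault(triage(model, fw), []).append((model, fw))
    return out

if __name__ == "__main__":
    for action, assets in plan(SAMPLE).items():
        print(f"{action}: {assets}")
```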