Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-6830 (GCVE-0-2019-6830)
Vulnerability from cvelistv5 – Published: 2019-09-17 19:21 – Updated: 2024-08-04 20:31
VLAI
EPSS
Summary
A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.
Severity
No CVSS data available.
CWE
- CWE-248 - Uncaught Exception
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Modicon M580 |
Affected:
all versions prior to V2.80
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "all versions prior to V2.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T19:21:12.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580",
"version": {
"version_data": [
{
"version_value": "all versions prior to V2.80"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6830",
"datePublished": "2019-09-17T19:21:12.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-6830",
"date": "2026-05-27",
"epss": "0.00367",
"percentile": "0.58795"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.80\", \"matchCriteriaId\": \"6FDEB227-D50B-402C-9C11-E29F52BC10BB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E876C738-ABF6-4864-98A6-1E06E96A0DF4\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.\"}, {\"lang\": \"es\", \"value\": \"Una CWE-248: Se presenta una vulnerabilidad Excepci\\u00f3n No Capturada en Modicon M580 todas las versiones anteriores a V2.80, lo que podr\\u00eda causar una posible denegaci\\u00f3n de servicio cuando se env\\u00eda una petici\\u00f3n HTTP temporizada de manera apropiada al controlador.\"}]",
"id": "CVE-2019-6830",
"lastModified": "2024-11-21T04:47:14.273",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-09-17T20:15:12.267",
"references": "[{\"url\": \"https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cybersecurity@se.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-248\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-755\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-6830\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2019-09-17T20:15:12.267\",\"lastModified\":\"2024-11-21T04:47:14.273\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.\"},{\"lang\":\"es\",\"value\":\"Una CWE-248: Se presenta una vulnerabilidad Excepci\u00f3n No Capturada en Modicon M580 todas las versiones anteriores a V2.80, lo que podr\u00eda causar una posible denegaci\u00f3n de servicio cuando se env\u00eda una petici\u00f3n HTTP temporizada de manera apropiada al controlador.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-248\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.80\",\"matchCriteriaId\":\"6FDEB227-D50B-402C-9C11-E29F52BC10BB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E876C738-ABF6-4864-98A6-1E06E96A0DF4\"}]}]}],\"references\":[{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2019-AVI-384
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | EcoStruxure Machine Expert HVAC (anciennement SoMachine HVAC) versions antérieures à 1.1.0 | ||
| Schneider Electric | N/A | Wiser for KNX (anciennement homeLYnk) versions antérieures à 2.4.0 | ||
| Schneider Electric | N/A | Modicon Premium | ||
| Schneider Electric | N/A | TelevisGO versions produites avant le 15 juillet 2019 et utilisant une version de UltraVNC, 1.0.9.6.1 et antérieure, sans le correctif de sécurité TelevisGo_HotFix_20190715.exe | ||
| Schneider Electric | N/A | Magelis HMIGTO series | ||
| Schneider Electric | N/A | Magelis XBTGH series | ||
| Schneider Electric | N/A | Magelis HMIGTUX series | ||
| Schneider Electric | N/A | Magelis XBTGC series | ||
| Schneider Electric | N/A | Modicon M580 versions antérieures à V2.90 | ||
| Schneider Electric | N/A | Magelis HMIGTU series | ||
| Schneider Electric | N/A | BMXNOR0200H Ethernet / Serial RTU module | ||
| Schneider Electric | N/A | Magelis HMISTO series | ||
| Schneider Electric | N/A | Magelis HMISCU series | ||
| Schneider Electric | N/A | Magelis HMIGXO series | ||
| Schneider Electric | Modicon M340 | Modicon M340 versions antérieures à V3.10 | ||
| Schneider Electric | N/A | Schneider Electric Software Update (SESU) SUT Service component versions antérieures à 2.3.1 | ||
| Schneider Electric | N/A | Magelis XBTGT series | ||
| Schneider Electric | N/A | Magelis HMIGXU series | ||
| Schneider Electric | N/A | Magelis HMISTU series | ||
| Schneider Electric | N/A | spaceLYnk versions antérieures à 2.4.0 | ||
| Schneider Electric | N/A | Modicon Quantum |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EcoStruxure Machine Expert HVAC (anciennement SoMachine HVAC) versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Wiser for KNX (anciennement homeLYnk) versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Premium",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "TelevisGO versions produites avant le 15 juillet 2019 et utilisant une version de UltraVNC, 1.0.9.6.1 et ant\u00e9rieure, sans le correctif de s\u00e9curit\u00e9 TelevisGo_HotFix_20190715.exe",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGTO series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis XBTGH series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGTUX series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis XBTGC series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M580 versions ant\u00e9rieures \u00e0 V2.90",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGTU series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "BMXNOR0200H Ethernet / Serial RTU module",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMISTO series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMISCU series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGXO series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 versions ant\u00e9rieures \u00e0 V3.10",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Schneider Electric Software Update (SESU) SUT Service component versions ant\u00e9rieures \u00e0 2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis XBTGT series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGXU series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMISTU series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "spaceLYnk versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Quantum",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-15361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15361"
},
{
"name": "CVE-2019-8262",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8262"
},
{
"name": "CVE-2019-8277",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8277"
},
{
"name": "CVE-2019-6828",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6828"
},
{
"name": "CVE-2019-8265",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8265"
},
{
"name": "CVE-2019-8269",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8269"
},
{
"name": "CVE-2019-8260",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8260"
},
{
"name": "CVE-2019-8263",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8263"
},
{
"name": "CVE-2019-6832",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6832"
},
{
"name": "CVE-2019-8261",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8261"
},
{
"name": "CVE-2019-8276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8276"
},
{
"name": "CVE-2018-7846",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7846"
},
{
"name": "CVE-2019-8259",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8259"
},
{
"name": "CVE-2018-7842",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7842"
},
{
"name": "CVE-2018-7849",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7849"
},
{
"name": "CVE-2019-8271",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8271"
},
{
"name": "CVE-2019-6831",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6831"
},
{
"name": "CVE-2019-6813",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6813"
},
{
"name": "CVE-2019-6809",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6809"
},
{
"name": "CVE-2019-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6829"
},
{
"name": "CVE-2018-7852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7852"
},
{
"name": "CVE-2019-8267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8267"
},
{
"name": "CVE-2019-6830",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6830"
},
{
"name": "CVE-2019-6810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6810"
},
{
"name": "CVE-2018-7854",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7854"
},
{
"name": "CVE-2019-8280",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8280"
},
{
"name": "CVE-2018-7844",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7844"
},
{
"name": "CVE-2018-7847",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7847"
},
{
"name": "CVE-2018-7855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7855"
},
{
"name": "CVE-2019-8275",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8275"
},
{
"name": "CVE-2019-8274",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8274"
},
{
"name": "CVE-2019-6808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6808"
},
{
"name": "CVE-2019-6826",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6826"
},
{
"name": "CVE-2018-7850",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7850"
},
{
"name": "CVE-2018-7856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7856"
},
{
"name": "CVE-2019-8266",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8266"
},
{
"name": "CVE-2019-8270",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8270"
},
{
"name": "CVE-2019-6834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6834"
},
{
"name": "CVE-2019-68067",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-68067"
},
{
"name": "CVE-2018-7845",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7845"
},
{
"name": "CVE-2019-8258",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8258"
},
{
"name": "CVE-2018-7857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7857"
},
{
"name": "CVE-2019-8264",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8264"
},
{
"name": "CVE-2019-6833",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6833"
},
{
"name": "CVE-2019-8272",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8272"
},
{
"name": "CVE-2019-8268",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8268"
},
{
"name": "CVE-2019-68077",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-68077"
},
{
"name": "CVE-2019-8273",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8273"
},
{
"name": "CVE-2018-7853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7853"
},
{
"name": "CVE-2018-7843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7843"
},
{
"name": "CVE-2018-7848",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7848"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-384",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-08-13T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 13 ao\u00fbt 2019",
"revision_date": "2019-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-06 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-06-SESU_SUT_Service.pdf\u0026p_Doc_Ref=SEVD-2019-225-06"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-04_SoMachine_HVAC_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-01 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-01-Magelis_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-03 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-03-Modicon-Ethernet+-Serial-RTU-Module-Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-03"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-07 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-07-spaceLYnk-homeLYnk.pdf\u0026p_Doc_Ref=SEVD-2019-225-07"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-02 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-02-Modicon_M340_Controllers_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-11 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-134-11-V2-Modicon-Controllers.pdf\u0026p_Doc_Ref=SEVD-2019-134-11"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-05 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-05-TelevisGO_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-05"
}
]
}
CERTFR-2019-AVI-384
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | EcoStruxure Machine Expert HVAC (anciennement SoMachine HVAC) versions antérieures à 1.1.0 | ||
| Schneider Electric | N/A | Wiser for KNX (anciennement homeLYnk) versions antérieures à 2.4.0 | ||
| Schneider Electric | N/A | Modicon Premium | ||
| Schneider Electric | N/A | TelevisGO versions produites avant le 15 juillet 2019 et utilisant une version de UltraVNC, 1.0.9.6.1 et antérieure, sans le correctif de sécurité TelevisGo_HotFix_20190715.exe | ||
| Schneider Electric | N/A | Magelis HMIGTO series | ||
| Schneider Electric | N/A | Magelis XBTGH series | ||
| Schneider Electric | N/A | Magelis HMIGTUX series | ||
| Schneider Electric | N/A | Magelis XBTGC series | ||
| Schneider Electric | N/A | Modicon M580 versions antérieures à V2.90 | ||
| Schneider Electric | N/A | Magelis HMIGTU series | ||
| Schneider Electric | N/A | BMXNOR0200H Ethernet / Serial RTU module | ||
| Schneider Electric | N/A | Magelis HMISTO series | ||
| Schneider Electric | N/A | Magelis HMISCU series | ||
| Schneider Electric | N/A | Magelis HMIGXO series | ||
| Schneider Electric | Modicon M340 | Modicon M340 versions antérieures à V3.10 | ||
| Schneider Electric | N/A | Schneider Electric Software Update (SESU) SUT Service component versions antérieures à 2.3.1 | ||
| Schneider Electric | N/A | Magelis XBTGT series | ||
| Schneider Electric | N/A | Magelis HMIGXU series | ||
| Schneider Electric | N/A | Magelis HMISTU series | ||
| Schneider Electric | N/A | spaceLYnk versions antérieures à 2.4.0 | ||
| Schneider Electric | N/A | Modicon Quantum |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EcoStruxure Machine Expert HVAC (anciennement SoMachine HVAC) versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Wiser for KNX (anciennement homeLYnk) versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Premium",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "TelevisGO versions produites avant le 15 juillet 2019 et utilisant une version de UltraVNC, 1.0.9.6.1 et ant\u00e9rieure, sans le correctif de s\u00e9curit\u00e9 TelevisGo_HotFix_20190715.exe",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGTO series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis XBTGH series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGTUX series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis XBTGC series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M580 versions ant\u00e9rieures \u00e0 V2.90",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGTU series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "BMXNOR0200H Ethernet / Serial RTU module",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMISTO series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMISCU series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGXO series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 versions ant\u00e9rieures \u00e0 V3.10",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Schneider Electric Software Update (SESU) SUT Service component versions ant\u00e9rieures \u00e0 2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis XBTGT series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMIGXU series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Magelis HMISTU series",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "spaceLYnk versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Quantum",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-15361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15361"
},
{
"name": "CVE-2019-8262",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8262"
},
{
"name": "CVE-2019-8277",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8277"
},
{
"name": "CVE-2019-6828",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6828"
},
{
"name": "CVE-2019-8265",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8265"
},
{
"name": "CVE-2019-8269",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8269"
},
{
"name": "CVE-2019-8260",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8260"
},
{
"name": "CVE-2019-8263",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8263"
},
{
"name": "CVE-2019-6832",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6832"
},
{
"name": "CVE-2019-8261",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8261"
},
{
"name": "CVE-2019-8276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8276"
},
{
"name": "CVE-2018-7846",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7846"
},
{
"name": "CVE-2019-8259",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8259"
},
{
"name": "CVE-2018-7842",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7842"
},
{
"name": "CVE-2018-7849",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7849"
},
{
"name": "CVE-2019-8271",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8271"
},
{
"name": "CVE-2019-6831",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6831"
},
{
"name": "CVE-2019-6813",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6813"
},
{
"name": "CVE-2019-6809",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6809"
},
{
"name": "CVE-2019-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6829"
},
{
"name": "CVE-2018-7852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7852"
},
{
"name": "CVE-2019-8267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8267"
},
{
"name": "CVE-2019-6830",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6830"
},
{
"name": "CVE-2019-6810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6810"
},
{
"name": "CVE-2018-7854",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7854"
},
{
"name": "CVE-2019-8280",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8280"
},
{
"name": "CVE-2018-7844",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7844"
},
{
"name": "CVE-2018-7847",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7847"
},
{
"name": "CVE-2018-7855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7855"
},
{
"name": "CVE-2019-8275",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8275"
},
{
"name": "CVE-2019-8274",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8274"
},
{
"name": "CVE-2019-6808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6808"
},
{
"name": "CVE-2019-6826",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6826"
},
{
"name": "CVE-2018-7850",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7850"
},
{
"name": "CVE-2018-7856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7856"
},
{
"name": "CVE-2019-8266",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8266"
},
{
"name": "CVE-2019-8270",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8270"
},
{
"name": "CVE-2019-6834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6834"
},
{
"name": "CVE-2019-68067",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-68067"
},
{
"name": "CVE-2018-7845",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7845"
},
{
"name": "CVE-2019-8258",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8258"
},
{
"name": "CVE-2018-7857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7857"
},
{
"name": "CVE-2019-8264",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8264"
},
{
"name": "CVE-2019-6833",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6833"
},
{
"name": "CVE-2019-8272",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8272"
},
{
"name": "CVE-2019-8268",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8268"
},
{
"name": "CVE-2019-68077",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-68077"
},
{
"name": "CVE-2019-8273",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8273"
},
{
"name": "CVE-2018-7853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7853"
},
{
"name": "CVE-2018-7843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7843"
},
{
"name": "CVE-2018-7848",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7848"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-384",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-08-13T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 13 ao\u00fbt 2019",
"revision_date": "2019-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-06 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-06-SESU_SUT_Service.pdf\u0026p_Doc_Ref=SEVD-2019-225-06"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-04_SoMachine_HVAC_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-01 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-01-Magelis_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-03 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-03-Modicon-Ethernet+-Serial-RTU-Module-Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-03"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-07 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-07-spaceLYnk-homeLYnk.pdf\u0026p_Doc_Ref=SEVD-2019-225-07"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-02 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-02-Modicon_M340_Controllers_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-11 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-134-11-V2-Modicon-Controllers.pdf\u0026p_Doc_Ref=SEVD-2019-134-11"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-05 du 13 ao\u00fbt 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-05-TelevisGO_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-05"
}
]
}
CNVD-2019-38871
Vulnerability from cnvd - Published: 2019-11-01
VLAI
Title
Schneider Electric Modicon M580拒绝服务漏洞
Description
Schneider Electric Modicon M580是法国施耐德电气(Schneider Electric)公司的一款可编程自动化控制器。
使用V2.80之前版本固件的Schneider Electric Modicon M580中存在安全漏洞。攻击者可利用该漏洞导致拒绝服务。
Severity
高
Patch Name
Schneider Electric Modicon M580拒绝服务漏洞
Patch Description
Schneider Electric Modicon M580是法国施耐德电气(Schneider Electric)公司的一款可编程自动化控制器。
使用V2.80之前版本固件的Schneider Electric Modicon M580中存在安全漏洞。攻击者可利用该漏洞导致拒绝服务。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
Reference
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
Impacted products
| Name | Schneider Electric Modicon M580 <V2.80 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-6830",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-6830"
}
},
"description": "Schneider Electric Modicon M580\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u53ef\u7f16\u7a0b\u81ea\u52a8\u5316\u63a7\u5236\u5668\u3002\n\n\u4f7f\u7528V2.80\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Schneider Electric Modicon M580\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-38871",
"openTime": "2019-11-01",
"patchDescription": "Schneider Electric Modicon M580\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u53ef\u7f16\u7a0b\u81ea\u52a8\u5316\u63a7\u5236\u5668\u3002\n\n\u4f7f\u7528V2.80\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Schneider Electric Modicon M580\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"patchName": "Schneider Electric Modicon M580\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e",
"products": {
"product": "Schneider Electric Modicon M580 \u003cV2.80"
},
"referenceLink": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"serverity": "\u9ad8",
"submitTime": "2019-09-23",
"title": "Schneider Electric Modicon M580\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
FKIE_CVE-2019-6830
Vulnerability from fkie_nvd - Published: 2019-09-17 20:15 - Updated: 2024-11-21 04:47
Severity
Summary
A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | modicon_m580_firmware | * | |
| schneider-electric | modicon_m580 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FDEB227-D50B-402C-9C11-E29F52BC10BB",
"versionEndExcluding": "2.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller."
},
{
"lang": "es",
"value": "Una CWE-248: Se presenta una vulnerabilidad Excepci\u00f3n No Capturada en Modicon M580 todas las versiones anteriores a V2.80, lo que podr\u00eda causar una posible denegaci\u00f3n de servicio cuando se env\u00eda una petici\u00f3n HTTP temporizada de manera apropiada al controlador."
}
],
"id": "CVE-2019-6830",
"lastModified": "2024-11-21T04:47:14.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-17T20:15:12.267",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-248"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-XJGC-MVGW-P5QH
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2022-10-14 12:00
VLAI
Details
A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.
Severity
5.9 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-6830"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-17T20:15:00Z",
"severity": "HIGH"
},
"details": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.",
"id": "GHSA-xjgc-mvgw-p5qh",
"modified": "2022-10-14T12:00:19Z",
"published": "2022-05-24T16:56:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6830"
},
{
"type": "WEB",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2019-6830
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-6830",
"description": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.",
"id": "GSD-2019-6830"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-6830"
],
"details": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.",
"id": "GSD-2019-6830",
"modified": "2023-12-13T01:23:49.748017Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580",
"version": {
"version_data": [
{
"version_value": "all versions prior to V2.80"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.80",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6830"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-10-14T03:07Z",
"publishedDate": "2019-09-17T20:15Z"
}
}
}
ICSA-25-114-01
Vulnerability from csaf_cisa - Published: 2019-05-14 16:48 - Updated: 2026-04-23 06:00Summary
Schneider Electric Modicon Controllers (Update A)
Notes
General Security Recommendations: Schneider Electric strongly recommends the following industry cybersecurity best practices.
* Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
* Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.
* Place all controllers in locked cabinets and never leave them in the “Program” mode.
* Never connect programming software to any network other than the network intended for that device.
* Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.
* Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.
* Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.
* When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.
For more information refer to the Schneider Electric [Recommended Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) document.
For More Information: This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process.
For further information related to cybersecurity in Schneider Electric's products, visit the company's cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp
LEGAL DISCLAIMER: THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS “NOTIFICATION”) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN “AS-IS” BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION
About Schneider Electric: Schneider's purpose is to create impact by empowering all to make the most of our energy and resources, bridging progress and sustainability for all. We call this life is on.
Our mission is to be the trusted partner in sustainability and efficiency.
We are a global industrial technology leader bringing world-leading expertise in electrification, automation and digitization to smart industries, resilient infrastructure, future-proof data centers, intelligent buildings, and intuitive homes. Anchored by our deep domain expertise, we provide integrated end-to-end lifecycle AI enabled industrial IoT solutions with connected products, automation, software and services, delivering digital twins to enable profitable growth for our customers.
We are a people company with an ecosystem of 150,000 colleagues and more than a million partners operating in over 100 countries to ensure proximity to our customers and stakeholders. We embrace diversity and inclusion in everything we do, guided by our meaningful purpose of a sustainable future for all.
www.se.com
Overview: Schneider Electric is aware of multiple vulnerabilities in its Modicon Controller products.
The [Modicon Programmable Automation controllers](https://www.se.com/ww/en/product-subcategory/3950-pac-programmable-automation-controllers/) are used for complex networked communication, display and control applications
Failure to apply the mitigations or remediations provided below may risk execution of unsolicited command on the PLC which could result in a loss of availability of the controller.
The severity of vulnerabilities was calculated using the CVSS Base metrics for 4.0 ([CVSS v4.0](https://www.first.org/cvss/calculator/4.0)). CVSS v3.1 will be still evaluated until the adoption of CVSS v4.0 by the industry. The severity was calculated without incorporating the temporal and environmental metrics. Schneider Electric recommends that customers score the CVSS Environmental metrics, which are specific to end-user organizations, and consider factors such as the presence of mitigations in that environment. Environmental metrics may refine the relative severity posed by the vulnerabilities described in this document within a customer's environment.
Customers should use appropriate patching methodologies when applying these patches to their systems. We strongly recommend the use of back-ups and evaluating the impact of these patches in a test and development environment or on an offline infrastructure. Contact Schneider Electric's [Customer Care Center](https://www.se.com/us/en/work/support/contacts.jsp) if you need assistance removing a patch.
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Conversion Disclaimer: This ICSA is a verbatim republication of Schneider Electric SEVD-2019-134-11 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Schneider Electric directly for any questions regarding this advisory.
Critical infrastructure sectors: Commercial Facilities, Critical Manufacturing, Energy
Countries/areas deployed: Worldwide
Company headquarters location: France
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability. Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolate them from business networks. When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
An improper access control vulnerability exists, which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.
10 (Critical)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0043 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0048 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0068 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0078 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0081 | — |
No Fix Planned
Mitigation
fix
|
An improper access control vulnerability exists which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.
9.8 (Critical)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0043 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0048 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0068 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0078 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0081 | — |
No Fix Planned
Mitigation
fix
|
A reliance on untrusted inputs in a security decision vulnerability exists which could cause invalid information displayed in Unity Pro software.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0043 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0048 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0068 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0078 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0081 | — |
No Fix Planned
Mitigation
fix
|
An uncaught exception vulnerability exists which could cause a possible denial of service due to improper data integrity check when sending files to the controller over Modbus.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0043 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0048 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0068 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0078 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0081 | — |
No Fix Planned
Mitigation
fix
|
An authentication bypass by spoofing vulnerability exists which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0043 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0048 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0068 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0078 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0081 | — |
No Fix Planned
Mitigation
fix
|
An uncaught exception vulnerability exists which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — | ||
| Unresolved product id: CSAFPID-0069 | — | ||
| Unresolved product id: CSAFPID-0070 | — | ||
| Unresolved product id: CSAFPID-0071 | — | ||
| Unresolved product id: CSAFPID-0072 | — | ||
| Unresolved product id: CSAFPID-0073 | — | ||
| Unresolved product id: CSAFPID-0074 | — | ||
| Unresolved product id: CSAFPID-0075 | — | ||
| Unresolved product id: CSAFPID-0076 | — | ||
| Unresolved product id: CSAFPID-0077 | — | ||
| Unresolved product id: CSAFPID-0080 | — |
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0044 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0048 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0059 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0060 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0061 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0062 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0063 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0064 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0065 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0066 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0067 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0079 | — |
Vendor Fix
fix
Mitigation
fix
|
An out-of-bounds read vulnerability exists, which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — | ||
| Unresolved product id: CSAFPID-0069 | — | ||
| Unresolved product id: CSAFPID-0070 | — | ||
| Unresolved product id: CSAFPID-0071 | — | ||
| Unresolved product id: CSAFPID-0072 | — | ||
| Unresolved product id: CSAFPID-0073 | — | ||
| Unresolved product id: CSAFPID-0074 | — | ||
| Unresolved product id: CSAFPID-0075 | — | ||
| Unresolved product id: CSAFPID-0076 | — | ||
| Unresolved product id: CSAFPID-0077 | — | ||
| Unresolved product id: CSAFPID-0080 | — |
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0044 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0049 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0059 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0060 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0061 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0062 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0063 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0064 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0065 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0066 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0067 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0079 | — |
Vendor Fix
fix
Mitigation
fix
|
An uncaught exception vulnerability exists which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — | ||
| Unresolved product id: CSAFPID-0069 | — | ||
| Unresolved product id: CSAFPID-0070 | — | ||
| Unresolved product id: CSAFPID-0071 | — | ||
| Unresolved product id: CSAFPID-0072 | — | ||
| Unresolved product id: CSAFPID-0073 | — | ||
| Unresolved product id: CSAFPID-0074 | — | ||
| Unresolved product id: CSAFPID-0075 | — | ||
| Unresolved product id: CSAFPID-0076 | — | ||
| Unresolved product id: CSAFPID-0077 | — | ||
| Unresolved product id: CSAFPID-0080 | — |
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0044 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0049 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0059 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0060 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0061 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0062 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0063 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0064 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0065 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0066 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0067 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0078 | — |
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0079 | — |
Vendor Fix
fix
Mitigation
fix
|
An uncaught exception vulnerability exists, which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus.
7.5 (High)
An uncaught exception vulnerability exists which could cause a denial of service when sending invalid debug parameters to the controller over Modbus.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — |
An uncaught exception vulnerability exists, which could cause a denial of service when sending invalid breakpoint parameters to the controller over Modbus.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — | ||
| Unresolved product id: CSAFPID-0058 | — |
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0045 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0050 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0055 | — |
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0057 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0068 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0078 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0081 | — |
No Fix Planned
Mitigation
fix
|
An uncaught exception vulnerability exists which could cause a possible denial of service when writing invalid memory blocks to the controller over Modbus.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — | ||
| Unresolved product id: CSAFPID-0069 | — | ||
| Unresolved product id: CSAFPID-0070 | — | ||
| Unresolved product id: CSAFPID-0071 | — | ||
| Unresolved product id: CSAFPID-0072 | — | ||
| Unresolved product id: CSAFPID-0073 | — | ||
| Unresolved product id: CSAFPID-0074 | — | ||
| Unresolved product id: CSAFPID-0075 | — | ||
| Unresolved product id: CSAFPID-0076 | — | ||
| Unresolved product id: CSAFPID-0077 | — | ||
| Unresolved product id: CSAFPID-0080 | — |
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0044 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0048 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0059 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0060 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0061 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0062 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0063 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0064 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0065 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0066 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0067 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0079 | — |
Vendor Fix
fix
Mitigation
fix
|
An uncaught exception vulnerability exists, which could cause a possible denial of service when writing out of bounds variables to the controller over Modbus.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0054 | — | ||
| Unresolved product id: CSAFPID-0058 | — | ||
|
EcoStruxure Control Expert Version 15.1
Schneider Electric / EcoStruxure Control Expert
|
15.1 |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0047 | — |
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0052 | — |
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0053 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0056 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0068 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0078 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0081 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0082 | — |
Vendor Fix
fix
Mitigation
|
An information exposure vulnerability exists which could cause the disclosure of SNMP information when reading variables in the controller using Modbus.
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0047 | — |
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0052 | — |
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0068 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0078 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0081 | — |
No Fix Planned
Mitigation
fix
|
An uncaught exception vulnerability exists which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus.
7.5 (High)
Affected products
Fixed
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — | ||
| Unresolved product id: CSAFPID-0054 | — | ||
| Unresolved product id: CSAFPID-0058 | — | ||
| Unresolved product id: CSAFPID-0069 | — | ||
| Unresolved product id: CSAFPID-0070 | — | ||
| Unresolved product id: CSAFPID-0071 | — | ||
| Unresolved product id: CSAFPID-0072 | — | ||
| Unresolved product id: CSAFPID-0073 | — | ||
| Unresolved product id: CSAFPID-0074 | — | ||
| Unresolved product id: CSAFPID-0075 | — | ||
| Unresolved product id: CSAFPID-0076 | — | ||
| Unresolved product id: CSAFPID-0077 | — | ||
| Unresolved product id: CSAFPID-0080 | — | ||
|
EcoStruxure Control Expert Version 15.1
Schneider Electric / EcoStruxure Control Expert
|
15.1 |
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0043 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0048 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0053 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0056 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0059 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0060 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0061 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0062 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0063 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0064 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0065 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0066 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0067 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0079 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0082 | — |
Vendor Fix
fix
Mitigation
|
An uncaught exception vulnerability exists, which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — | ||
| Unresolved product id: CSAFPID-0069 | — | ||
| Unresolved product id: CSAFPID-0070 | — | ||
| Unresolved product id: CSAFPID-0071 | — | ||
| Unresolved product id: CSAFPID-0072 | — | ||
| Unresolved product id: CSAFPID-0073 | — | ||
| Unresolved product id: CSAFPID-0074 | — | ||
| Unresolved product id: CSAFPID-0075 | — | ||
| Unresolved product id: CSAFPID-0076 | — | ||
| Unresolved product id: CSAFPID-0077 | — | ||
| Unresolved product id: CSAFPID-0080 | — |
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0043 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0048 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0059 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0060 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0061 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0062 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0063 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0064 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0065 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0066 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0067 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0079 | — |
Vendor Fix
fix
Mitigation
fix
|
An uncaught exception vulnerability exists which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — |
An uncaught exception vulnerability exists, which could cause a possible denial of service when reading invalid data from the controller.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — | ||
| Unresolved product id: CSAFPID-0069 | — | ||
| Unresolved product id: CSAFPID-0070 | — | ||
| Unresolved product id: CSAFPID-0071 | — | ||
| Unresolved product id: CSAFPID-0072 | — | ||
| Unresolved product id: CSAFPID-0073 | — | ||
| Unresolved product id: CSAFPID-0074 | — | ||
| Unresolved product id: CSAFPID-0075 | — | ||
| Unresolved product id: CSAFPID-0076 | — | ||
| Unresolved product id: CSAFPID-0077 | — | ||
| Unresolved product id: CSAFPID-0080 | — |
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0043 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0048 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0059 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0060 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0061 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0062 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0063 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0064 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0065 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0066 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0067 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0079 | — |
Vendor Fix
fix
Mitigation
fix
|
An information exposure vulnerability exists, which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0047 | — |
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0052 | — |
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0068 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0078 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0081 | — |
No Fix Planned
Mitigation
fix
|
An uncaught exception vulnerability exists, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.
5.9 (Medium)
An information exposure vulnerability exists, which could cause the disclosure of SNMP information when reading files from the controller over Modbus.
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0043 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0048 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0068 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0078 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0081 | — |
No Fix Planned
Mitigation
fix
|
A trust boundary violation vulnerability on connection to the controller exists which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0046 | — | ||
| Unresolved product id: CSAFPID-0051 | — |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0043 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0048 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0068 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0078 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0081 | — |
No Fix Planned
Mitigation
fix
|
References
48 references
Acknowledgments
Cisco Talos
Jared Rittle
Kaspersky
Pavel Nesterov
Artem Zinenko
ns focus
Gao Jian
Dingxiang Dongjian Security Lab
Dong Yang
Cisco Talos
Jared Rittle
nsfocus
Gao Jian
Kaspersky ICS CERT
Pavel Nesterov
Artem Zinenko
Dingxiang Dongjian Security Lab
Dong Yang
{
"document": {
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos",
"summary": "reported these vulnerabilities to Schneider Electric."
},
{
"names": [
"Pavel Nesterov",
"Artem Zinenko"
],
"organization": "Kaspersky",
"summary": "reported these vulnerabilities to Schneider Electric."
},
{
"names": [
"Gao Jian"
],
"organization": "ns focus",
"summary": "reported these vulnerabilities to Schneider Electric."
},
{
"names": [
"Dong Yang"
],
"organization": "Dingxiang Dongjian Security Lab",
"summary": "reported these vulnerabilities to Schneider Electric."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "Schneider Electric strongly recommends the following industry cybersecurity best practices.\n\n* Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.\n* Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.\n* Place all controllers in locked cabinets and never leave them in the \u201cProgram\u201d mode.\n* Never connect programming software to any network other than the network intended for that device.\n* Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.\n* Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.\n* Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.\n* When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.\n\nFor more information refer to the Schneider Electric [Recommended Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) document.",
"title": "General Security Recommendations"
},
{
"category": "general",
"text": "This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process.\n\nFor further information related to cybersecurity in Schneider Electric\u0027s products, visit the company\u0027s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp",
"title": "For More Information"
},
{
"category": "legal_disclaimer",
"text": "THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS \u201cNOTIFICATION\u201d) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN \u201cAS-IS\u201d BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION",
"title": "LEGAL DISCLAIMER"
},
{
"category": "general",
"text": "Schneider\u0027s purpose is to create impact by empowering all to make the most of our energy and resources, bridging progress and sustainability for all. We call this life is on.\n\nOur mission is to be the trusted partner in sustainability and efficiency.\n\nWe are a global industrial technology leader bringing world-leading expertise in electrification, automation and digitization to smart industries, resilient infrastructure, future-proof data centers, intelligent buildings, and intuitive homes. Anchored by our deep domain expertise, we provide integrated end-to-end lifecycle AI enabled industrial IoT solutions with connected products, automation, software and services, delivering digital twins to enable profitable growth for our customers.\n\nWe are a people company with an ecosystem of 150,000 colleagues and more than a million partners operating in over 100 countries to ensure proximity to our customers and stakeholders. We embrace diversity and inclusion in everything we do, guided by our meaningful purpose of a sustainable future for all. \n\n www.se.com",
"title": "About Schneider Electric"
},
{
"category": "summary",
"text": "Schneider Electric is aware of multiple vulnerabilities in its Modicon Controller products. \r\nThe [Modicon Programmable Automation controllers](https://www.se.com/ww/en/product-subcategory/3950-pac-programmable-automation-controllers/) are used for complex networked communication, display and control applications \r\nFailure to apply the mitigations or remediations provided below may risk execution of unsolicited command on the PLC which could result in a loss of availability of the controller.",
"title": "Overview"
},
{
"category": "other",
"text": "The severity of vulnerabilities was calculated using the CVSS Base metrics for 4.0 ([CVSS v4.0](https://www.first.org/cvss/calculator/4.0)). CVSS v3.1 will be still evaluated until the adoption of CVSS v4.0 by the industry. The severity was calculated without incorporating the temporal and environmental metrics. Schneider Electric recommends that customers score the CVSS Environmental metrics, which are specific to end-user organizations, and consider factors such as the presence of mitigations in that environment. Environmental metrics may refine the relative severity posed by the vulnerabilities described in this document within a customer\u0027s environment."
},
{
"category": "other",
"text": "Customers should use appropriate patching methodologies when applying these patches to their systems. We strongly recommend the use of back-ups and evaluating the impact of these patches in a test and development environment or on an offline infrastructure. Contact Schneider Electric\u0027s [Customer Care Center](https://www.se.com/us/en/work/support/contacts.jsp) if you need assistance removing a patch. "
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Schneider Electric SEVD-2019-134-11 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Schneider Electric directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Commercial Facilities, Critical Manufacturing, Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "France",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability. Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolate them from business networks. When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "Multiple Vulnerabilities in Modicon Controller Products - SEVD-2019-134-11 CSAF Version",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2019-134-11.json"
},
{
"category": "self",
"summary": "Multiple Vulnerabilities in Modicon Controller Products - SEVD-2019-134-11 PDF Version",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-134-11_Modicon_Controllers_Security_Notification.pdf"
},
{
"category": "external",
"summary": "Recommended Cybersecurity Best Practices",
"url": "https://www.se.com/ww/en/download/document/7EN52-0390/"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-114-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-114-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-114-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Schneider Electric Modicon Controllers (Update A)",
"tracking": {
"current_release_date": "2026-04-23T06:00:00.000000Z",
"generator": {
"date": "2026-04-22T19:30:08.869417Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.5.0"
}
},
"id": "ICSA-25-114-01",
"initial_release_date": "2019-05-14T16:48:40.000000Z",
"revision_history": [
{
"date": "2019-05-14T16:48:40.000000Z",
"legacy_version": "Version 1.0.0",
"number": "1",
"summary": "Original Release"
},
{
"date": "2019-07-09T16:48:40.000000Z",
"legacy_version": "Version 1.1.0",
"number": "2",
"summary": "Updated to include links to M580 V2.90 Firmware and Control Expert Hot Fix v14.0"
},
{
"date": "2019-07-12T16:48:40.000000Z",
"legacy_version": "Version 1.2.0",
"number": "3",
"summary": "Updated mitigations for CVE-2019-6808"
},
{
"date": "2019-07-24T16:48:40.000000Z",
"legacy_version": "Version 1.3.0",
"number": "4",
"summary": "Updated links to M580 v2.90 Firmware"
},
{
"date": "2019-08-13T16:48:40.000000Z",
"legacy_version": "Version 2.0.0",
"number": "5",
"summary": "Updated: \r\n\u2022 CVE-2018-7846: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7849: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7848: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7842: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7847: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7850: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7854: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7852: modified to change M580 release which was erroneous (2.80 instead of 2.90) \r\n\u2022 CVE-2018-7855: added fix available for M340 v3.10 \r\n\u2022 CVE-2019-6807: added fix available for M340 v3.10 \r\n\u2022 CVE-2019-6808: added fix available for M340 V3.10 \r\n\u2022 CVE-2018-7843: modified to change M340 release which was erroneous (3.01 instead of 3.10) \r\n\u2022 CVE-2018-7856: added fix on M340 v3.10 (available earlier than expected) \r\n \r\nAdded 4 new CVEs: \r\n\u2022 CVE-2019-6830 \r\n\u2022 CVE-2019-6828 \r\n\u2022 CVE-2019-6829 \r\n\u2022 CVE-2019-6809"
},
{
"date": "2019-12-10T16:48:40.000000Z",
"legacy_version": "Version 3.0.0",
"number": "6",
"summary": "Updated: \r\n\u2022 CVE-2019-6806: Corrected remediation information for Modicon M340 \r\n\u2022 CVE-2018-7845: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2018-7843: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2019-6809: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2019-6807: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2018-7857: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2018-7856: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2018-7852: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2019-6828: Fix for Premium \u0026 Quantum \r\n\u2022 Update of download links for latest versions of M580 / M340 \u0026 Quantum, plus customer support information for Premium. "
},
{
"date": "2020-05-12T16:48:40.000000Z",
"legacy_version": "Version 4.0.0",
"number": "7",
"summary": "Updated fix version information for CVE-2018-7857"
},
{
"date": "2020-08-11T16:48:40.000000Z",
"legacy_version": "Version 4.1.0",
"number": "8",
"summary": "Updated fix version information for CVE-2018-7857: \r\n\u2022 Additional fixes available for M580 v3.10 \r\n\u2022 Quantum \u0026 Premium previous fix is not enough to correct the CVE and requires the additional mitigations proposed"
},
{
"date": "2020-10-12T16:48:40.000000Z",
"legacy_version": "Version 5.0.0",
"number": "9",
"summary": "Additional required remediation steps added for M580 and M340 applicable to the following CVEs: \r\n\u2022 CVE-2018-7846 \r\n\u2022 CVE-2018-7849 \r\n\u2022 CVE-2018-7843 \r\n\u2022 CVE-2018-7848 \r\n\u2022 CVE-2018-7842 \r\n\u2022 CVE-2018-7847 \r\n\u2022 CVE-2018-7850 \r\n\u2022 CVE-2018-7845 \r\n\u2022 CVE-2018-7852 \r\n\u2022 CVE-2018-7853 \r\n\u2022 CVE-2018-7854 \r\n\u2022 CVE-2018-7855 \r\n\u2022 CVE-2018-7856 \r\n\u2022 CVE-2018-7857 \r\n\u2022 CVE-2019-6807 \r\n\u2022 CVE-2019-6808 \r\n\u2022 CVE-2019-6830 \r\n\u2022 CVE-2019-6828 \r\n\u2022 CVE-2019-6829 \r\n\u2022 CVE-2019-6809"
},
{
"date": "2020-12-08T16:48:40.000000Z",
"legacy_version": "Version 6.0.0",
"number": "10",
"summary": "A fix for additional attack scenario is available on M340 v3.30 for CVE-2018-7857."
},
{
"date": "2022-09-13T16:48:40.000000Z",
"legacy_version": "Version 7.0.0",
"number": "11",
"summary": "Modicon MC80 and PLC Simulator for EcoStruxure Control Expert were added as impacted product of CVE-2018-7857 and CVE-2019-6807 and the remediation is provided."
},
{
"date": "2023-01-10T16:48:40.000000Z",
"legacy_version": "Version 8.0.0",
"number": "12",
"summary": "Modicon M340 and M580 latest firmware versions are affected by CVE-2018-7855 and additional mitigations were added in the mitigation section."
},
{
"date": "2023-03-14T16:48:40.000000Z",
"legacy_version": "Version 9.0.0",
"number": "13",
"summary": "A remediation is available for Modicon Momentum Unity M1E Processor part numbers 171CBU* for CVE-2018-7857 and CVE-2019-6807 "
},
{
"date": "2024-02-13T16:48:40.000000Z",
"legacy_version": "Version 10.0.0",
"number": "14",
"summary": "A remediation is available for Modicon M340 and M580 for CVE-2018-7855. Updated products affected version numbers."
},
{
"date": "2024-07-09T16:48:40.000000Z",
"legacy_version": "Version 11.0.0",
"number": "15",
"summary": "Modicon MC80 and Momentum M1E PLCs were added as impacted products of CVE-2018-7855. Mitigations are available for Modicon MC80 and Momentum M1E PLCs for CVE-2018-7855."
},
{
"date": "2025-02-11T16:48:40.000000Z",
"legacy_version": "Version 12.0.0",
"number": "16",
"summary": "Correction of CVE list impacting Quantum Safety processor."
},
{
"date": "2025-04-23T06:00:00.000000Z",
"legacy_version": "Latest CISA Republication",
"number": "17",
"summary": "CISA Republication based on Schneider Electric SEVD-2019-134-11 advisory"
},
{
"date": "2026-04-14T07:00:00.000000Z",
"legacy_version": "Version 13.0.0",
"number": "18",
"summary": "Remediation is available for CVE-2018-7855 in Modicon Momentum controller (Page 9)"
},
{
"date": "2026-04-23T06:00:00.000000Z",
"legacy_version": "Latest Updated CISA Republication",
"number": "19",
"summary": "CISA Republication update based on Schneider Electric SEVD-2019-134-11 advisory"
}
],
"status": "final",
"version": "19"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Modicon M580 Controller",
"product": {
"name": "Modicon M580 Controller",
"product_id": "CSAFPID-0001"
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.90",
"product": {
"name": "Modicon M580 Firmware Versions prior to v2.90",
"product_id": "CSAFPID-0002"
}
},
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.80",
"product": {
"name": "Modicon M580 Firmware Versions prior to v2.80",
"product_id": "CSAFPID-0003"
}
},
{
"category": "product_version_range",
"name": "vers:intdot/\u003c4.20",
"product": {
"name": "Modicon M580 Firmware Versions prior to v4.20",
"product_id": "CSAFPID-0004"
}
},
{
"category": "product_version",
"name": "4.20",
"product": {
"name": "Modicon M580 Firmware Version 4.20",
"product_id": "CSAFPID-0005"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Modicon M580 Firmware All Versions",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Modicon M580 Firmware"
},
{
"category": "product_name",
"name": "Modicon M340 Controller",
"product": {
"name": "Modicon M340 Controller",
"product_id": "CSAFPID-0007"
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.10",
"product": {
"name": "Modicon M340 Firmware Versions prior to v3.10",
"product_id": "CSAFPID-0008"
}
},
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.01",
"product": {
"name": "Modicon M340 Firmware Versions prior to v3.01",
"product_id": "CSAFPID-0009"
}
},
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.60",
"product": {
"name": "Modicon M340 Firmware Versions prior to v3.60",
"product_id": "CSAFPID-0010"
}
},
{
"category": "product_version",
"name": "3.60",
"product": {
"name": "Modicon M340 Firmware Version 3.60",
"product_id": "CSAFPID-0011"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Modicon M340 Firmware All Versions",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "Modicon M340 Firmware"
},
{
"category": "product_name",
"name": "Modicon MC80 Controller",
"product": {
"name": "Modicon MC80 Controller",
"product_id": "CSAFPID-0013"
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c1.80",
"product": {
"name": "Modicon MC80 Firmware Versions prior to v1.80",
"product_id": "CSAFPID-0014"
}
},
{
"category": "product_version",
"name": "1.80",
"product": {
"name": "Modicon MC80 Firmware Version 1.80",
"product_id": "CSAFPID-0015"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Modicon MC80 Firmware All Versions",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "Modicon MC80 Firmware"
},
{
"category": "product_name",
"name": "Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
"product": {
"name": "Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
"product_id": "CSAFPID-0017"
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003cSV2.6",
"product": {
"name": "Modicon Momentum Unity M1E Processor Firmware Versions prior to sv2.6",
"product_id": "CSAFPID-0018"
}
},
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.90",
"product": {
"name": "Modicon Momentum Unity M1E Processor Firmware Versions prior to v2.90",
"product_id": "CSAFPID-0019"
}
},
{
"category": "product_version",
"name": "2.90",
"product": {
"name": "Modicon Momentum Unity M1E Processor Firmware Version 2.90",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "Modicon Momentum Unity M1E Processor Firmware"
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "CSAFPID-0021"
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "CSAFPID-0022",
"product_identification_helper": {
"model_numbers": [
"140CPU65150 [C]",
"140CPU65160 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "CSAFPID-0023",
"product_identification_helper": {
"model_numbers": [
"140CPU65260 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "CSAFPID-0024",
"product_identification_helper": {
"model_numbers": [
"140CPU67261 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "CSAFPID-0025",
"product_identification_helper": {
"model_numbers": [
"140CPU67060 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "CSAFPID-0026",
"product_identification_helper": {
"model_numbers": [
"140CPU67160 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "CSAFPID-0027",
"product_identification_helper": {
"model_numbers": [
"140CPU67261 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "CSAFPID-0028",
"product_identification_helper": {
"model_numbers": [
"140CPU67260 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "CSAFPID-0029",
"product_identification_helper": {
"model_numbers": [
"140CPU65860 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "CSAFPID-0030",
"product_identification_helper": {
"model_numbers": [
"140CPU67861 [C]"
]
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.60",
"product": {
"name": "Modicon Quantum Firmware Versions prior to v3.60",
"product_id": "CSAFPID-0031"
}
},
{
"category": "product_version",
"name": "3.60",
"product": {
"name": "Modicon Quantum Firmware Version 3.60",
"product_id": "CSAFPID-0032"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Modicon Quantum Firmware All Versions",
"product_id": "CSAFPID-0033"
}
}
],
"category": "product_name",
"name": "Modicon Quantum Firmware"
},
{
"category": "product_name",
"name": "Modicon Quantum Safety Controller",
"product": {
"name": "Modicon Quantum Safety Controller",
"product_id": "CSAFPID-0034"
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Modicon Quantum Safety Firmware All Versions",
"product_id": "CSAFPID-0035"
}
}
],
"category": "product_name",
"name": "Modicon Quantum Safety Firmware"
},
{
"category": "product_name",
"name": "Modicon Premium Controller",
"product": {
"name": "Modicon Premium Controller",
"product_id": "CSAFPID-0036"
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.20",
"product": {
"name": "Modicon Premium Firmware Versions prior to v3.20",
"product_id": "CSAFPID-0037"
}
},
{
"category": "product_version",
"name": "3.20",
"product": {
"name": "Modicon Premium Firmware Version 3.20",
"product_id": "CSAFPID-0038"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Modicon Premium Firmware All Versions",
"product_id": "CSAFPID-0039"
}
}
],
"category": "product_name",
"name": "Modicon Premium Firmware"
},
{
"branches": [
{
"category": "product_name",
"name": "PLC Simulator",
"product": {
"name": "PLC Simulator",
"product_id": "CSAFPID-0040"
}
}
],
"category": "product_name",
"name": "PLC Simulator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c15.1",
"product": {
"name": "EcoStruxure Control Expert Versions prior to v15.1",
"product_id": "CSAFPID-0041"
}
},
{
"category": "product_version",
"name": "15.1",
"product": {
"name": "EcoStruxure Control Expert Version 15.1",
"product_id": "CSAFPID-0042"
}
}
],
"category": "product_name",
"name": "EcoStruxure Control Expert"
}
],
"category": "vendor",
"name": "Schneider Electric"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M580 Firmware Versions prior to v2.90 installed on Modicon M580 Controller",
"product_id": "CSAFPID-0043"
},
"product_reference": "CSAFPID-0002",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M580 Firmware Versions prior to v2.80 installed on Modicon M580 Controller",
"product_id": "CSAFPID-0044"
},
"product_reference": "CSAFPID-0003",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M580 Firmware Versions prior to v4.20 installed on Modicon M580 Controller (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)",
"product_id": "CSAFPID-0045"
},
"product_reference": "CSAFPID-0004",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M580 Firmware Version 4.20 installed on Modicon M580 Controller",
"product_id": "CSAFPID-0046"
},
"product_reference": "CSAFPID-0005",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_with",
"full_product_name": {
"name": "Modicon M580 Firmware All Versions installed with Modicon M580 Controller",
"product_id": "CSAFPID-0047"
},
"product_reference": "CSAFPID-0006",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M340 Firmware Versions prior to v3.10 installed on Modicon M340 Controller",
"product_id": "CSAFPID-0048"
},
"product_reference": "CSAFPID-0008",
"relates_to_product_reference": "CSAFPID-0007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M340 Firmware Versions prior to v3.01 installed on Modicon M340 Controller",
"product_id": "CSAFPID-0049"
},
"product_reference": "CSAFPID-0009",
"relates_to_product_reference": "CSAFPID-0007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M340 Firmware Versions prior to v3.60 installed on Modicon M340 Controller (part numbers BMXP34*)",
"product_id": "CSAFPID-0050"
},
"product_reference": "CSAFPID-0010",
"relates_to_product_reference": "CSAFPID-0007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M340 Firmware Version 3.60 installed on Modicon M340 Controller",
"product_id": "CSAFPID-0051"
},
"product_reference": "CSAFPID-0011",
"relates_to_product_reference": "CSAFPID-0007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M340 Firmware All Versions installed on Modicon M340 Controller",
"product_id": "CSAFPID-0052"
},
"product_reference": "CSAFPID-0012",
"relates_to_product_reference": "CSAFPID-0007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon MC80 Firmware Versions prior to v1.80 installed on Modicon MC80 Controller (BMKC8020301)",
"product_id": "CSAFPID-0053"
},
"product_reference": "CSAFPID-0014",
"relates_to_product_reference": "CSAFPID-0013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon MC80 Firmware Version 1.80 installed on Modicon MC80 Controller",
"product_id": "CSAFPID-0054"
},
"product_reference": "CSAFPID-0015",
"relates_to_product_reference": "CSAFPID-0013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon MC80 Firmware All Versions installed on Modicon MC80 Controller",
"product_id": "CSAFPID-0055"
},
"product_reference": "CSAFPID-0016",
"relates_to_product_reference": "CSAFPID-0013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Momentum Unity M1E Processor Firmware Versions prior to sv2.6 installed on Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
"product_id": "CSAFPID-0056"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Momentum Unity M1E Processor Firmware Versions prior to v2.90 installed on Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
"product_id": "CSAFPID-0057"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Momentum Unity M1E Processor Firmware Version 2.90 installed on Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
"product_id": "CSAFPID-0058"
},
"product_reference": "CSAFPID-0020",
"relates_to_product_reference": "CSAFPID-0017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU65150 [C] \u0026 140CPU65160 [C]",
"product_id": "CSAFPID-0059"
},
"product_reference": "CSAFPID-0031",
"relates_to_product_reference": "CSAFPID-0022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU65260 [C]",
"product_id": "CSAFPID-0060"
},
"product_reference": "CSAFPID-0031",
"relates_to_product_reference": "CSAFPID-0023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67261 [C]",
"product_id": "CSAFPID-0061"
},
"product_reference": "CSAFPID-0031",
"relates_to_product_reference": "CSAFPID-0024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67060 [C]",
"product_id": "CSAFPID-0062"
},
"product_reference": "CSAFPID-0031",
"relates_to_product_reference": "CSAFPID-0025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67160 [C]",
"product_id": "CSAFPID-0063"
},
"product_reference": "CSAFPID-0031",
"relates_to_product_reference": "CSAFPID-0026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67261 [C]",
"product_id": "CSAFPID-0064"
},
"product_reference": "CSAFPID-0031",
"relates_to_product_reference": "CSAFPID-0027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67260 [C]",
"product_id": "CSAFPID-0065"
},
"product_reference": "CSAFPID-0031",
"relates_to_product_reference": "CSAFPID-0028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU65860 [C]",
"product_id": "CSAFPID-0066"
},
"product_reference": "CSAFPID-0031",
"relates_to_product_reference": "CSAFPID-0029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67861 [C]",
"product_id": "CSAFPID-0067"
},
"product_reference": "CSAFPID-0031",
"relates_to_product_reference": "CSAFPID-0030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware All Versions installed on Modicon Quantum Controller",
"product_id": "CSAFPID-0068"
},
"product_reference": "CSAFPID-0033",
"relates_to_product_reference": "CSAFPID-0021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU65150 [C] \u0026 140CPU65160 [C]",
"product_id": "CSAFPID-0069"
},
"product_reference": "CSAFPID-0032",
"relates_to_product_reference": "CSAFPID-0022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU65260 [C]",
"product_id": "CSAFPID-0070"
},
"product_reference": "CSAFPID-0032",
"relates_to_product_reference": "CSAFPID-0023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67261 [C]",
"product_id": "CSAFPID-0071"
},
"product_reference": "CSAFPID-0032",
"relates_to_product_reference": "CSAFPID-0024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67060 [C]",
"product_id": "CSAFPID-0072"
},
"product_reference": "CSAFPID-0032",
"relates_to_product_reference": "CSAFPID-0025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67160 [C]",
"product_id": "CSAFPID-0073"
},
"product_reference": "CSAFPID-0032",
"relates_to_product_reference": "CSAFPID-0026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67261 [C]",
"product_id": "CSAFPID-0074"
},
"product_reference": "CSAFPID-0032",
"relates_to_product_reference": "CSAFPID-0027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67260 [C]",
"product_id": "CSAFPID-0075"
},
"product_reference": "CSAFPID-0032",
"relates_to_product_reference": "CSAFPID-0028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU65860 [C]",
"product_id": "CSAFPID-0076"
},
"product_reference": "CSAFPID-0032",
"relates_to_product_reference": "CSAFPID-0029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67861 [C]",
"product_id": "CSAFPID-0077"
},
"product_reference": "CSAFPID-0032",
"relates_to_product_reference": "CSAFPID-0030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Safety Firmware All Versions installed on Modicon Quantum Safety Controller",
"product_id": "CSAFPID-0078"
},
"product_reference": "CSAFPID-0035",
"relates_to_product_reference": "CSAFPID-0034"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Premium Firmware Versions prior to v3.20 installed on Modicon Premium Controller",
"product_id": "CSAFPID-0079"
},
"product_reference": "CSAFPID-0037",
"relates_to_product_reference": "CSAFPID-0036"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Premium Firmware Version 3.20 installed on Modicon Premium Controller",
"product_id": "CSAFPID-0080"
},
"product_reference": "CSAFPID-0038",
"relates_to_product_reference": "CSAFPID-0036"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Premium Firmware All Versions installed on Modicon Premium Controller",
"product_id": "CSAFPID-0081"
},
"product_reference": "CSAFPID-0039",
"relates_to_product_reference": "CSAFPID-0036"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "PLC Simulator default component of EcoStruxure Control Expert Versions prior to v15.1",
"product_id": "CSAFPID-0082"
},
"product_reference": "CSAFPID-0040",
"relates_to_product_reference": "CSAFPID-0041"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2019-6808",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability exists, which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 10.0 | Critical | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051"
],
"known_affected": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6808"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0081"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0081"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
}
],
"title": "CVE-2019-6808"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Pavel Nesterov",
"Artem Zinenko"
],
"organization": "Kaspersky ICS CERT"
}
],
"cve": "CVE-2018-7847",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability exists which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 9.3 | Critical | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051"
],
"known_affected": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7847"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0081"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0081"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
}
],
"title": "CVE-2018-7847"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7850",
"cwe": {
"id": "CWE-807",
"name": "Reliance on Untrusted Inputs in a Security Decision"
},
"notes": [
{
"category": "description",
"text": "A reliance on untrusted inputs in a security decision vulnerability exists which could cause invalid information displayed in Unity Pro software.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051"
],
"known_affected": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7850"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/807.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0081"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0081"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
}
],
"title": "CVE-2018-7850"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Pavel Nesterov",
"Artem Zinenko"
],
"organization": "Kaspersky ICS CERT"
}
],
"cve": "CVE-2018-7849",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "An uncaught exception vulnerability exists which could cause a possible denial of service due to improper data integrity check when sending files to the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051"
],
"known_affected": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7849"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/248.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0081"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0081"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
}
],
"title": "CVE-2018-7849"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Pavel Nesterov",
"Artem Zinenko"
],
"organization": "Kaspersky ICS CERT"
}
],
"cve": "CVE-2018-7842",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "description",
"text": "An authentication bypass by spoofing vulnerability exists which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051"
],
"known_affected": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7842"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/290.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0081"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0081"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
}
],
"title": "CVE-2018-7842"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7843",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "An uncaught exception vulnerability exists which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0080"
],
"known_affected": [
"CSAFPID-0044",
"CSAFPID-0048",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0079"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7843"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/248.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0044"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
"product_ids": [
"CSAFPID-0059"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
"product_ids": [
"CSAFPID-0060"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
"product_ids": [
"CSAFPID-0061"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
"product_ids": [
"CSAFPID-0062"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
"product_ids": [
"CSAFPID-0063"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
"product_ids": [
"CSAFPID-0064"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
"product_ids": [
"CSAFPID-0065"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
"product_ids": [
"CSAFPID-0066"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
"product_ids": [
"CSAFPID-0067"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
},
{
"category": "vendor_fix",
"details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
"product_ids": [
"CSAFPID-0079"
],
"url": "https://www.se.com/us/en/work/support/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0044"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0079"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0044",
"CSAFPID-0048",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0079"
]
}
],
"title": "CVE-2018-7843"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7845",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability exists, which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0080"
],
"known_affected": [
"CSAFPID-0044",
"CSAFPID-0049",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0079"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7845"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0044"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0049"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
"product_ids": [
"CSAFPID-0059"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
"product_ids": [
"CSAFPID-0060"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
"product_ids": [
"CSAFPID-0061"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
"product_ids": [
"CSAFPID-0062"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
"product_ids": [
"CSAFPID-0063"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
"product_ids": [
"CSAFPID-0064"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
"product_ids": [
"CSAFPID-0065"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
"product_ids": [
"CSAFPID-0066"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
"product_ids": [
"CSAFPID-0067"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
},
{
"category": "vendor_fix",
"details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
"product_ids": [
"CSAFPID-0079"
],
"url": "https://www.se.com/us/en/work/support/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0044"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0049"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0079"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0044",
"CSAFPID-0049",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0079"
]
}
],
"title": "CVE-2018-7845"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7852",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "An uncaught exception vulnerability exists which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0080"
],
"known_affected": [
"CSAFPID-0044",
"CSAFPID-0049",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0078",
"CSAFPID-0079"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7852"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/248.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0044"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0049"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
"product_ids": [
"CSAFPID-0059"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
"product_ids": [
"CSAFPID-0060"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
"product_ids": [
"CSAFPID-0061"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
"product_ids": [
"CSAFPID-0062"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
"product_ids": [
"CSAFPID-0063"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
"product_ids": [
"CSAFPID-0064"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
"product_ids": [
"CSAFPID-0065"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
"product_ids": [
"CSAFPID-0066"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
"product_ids": [
"CSAFPID-0067"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
},
{
"category": "vendor_fix",
"details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
"product_ids": [
"CSAFPID-0079"
],
"url": "https://www.se.com/us/en/work/support/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0044"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0049"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0078"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0079"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0044",
"CSAFPID-0049",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0078",
"CSAFPID-0079"
]
}
],
"title": "CVE-2018-7852"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7853",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "An uncaught exception vulnerability exists, which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046"
],
"known_affected": [
"CSAFPID-0043"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7853"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/248.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0043"
]
}
],
"title": "CVE-2018-7853"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7854",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "An uncaught exception vulnerability exists which could cause a denial of service when sending invalid debug parameters to the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051"
],
"known_affected": [
"CSAFPID-0043",
"CSAFPID-0048"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7854"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/248.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0043",
"CSAFPID-0048"
]
}
],
"title": "CVE-2018-7854"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7855",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "An uncaught exception vulnerability exists, which could cause a denial of service when sending invalid breakpoint parameters to the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051",
"CSAFPID-0058"
],
"known_affected": [
"CSAFPID-0045",
"CSAFPID-0050",
"CSAFPID-0055",
"CSAFPID-0057",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7855"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/248.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0045"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0050"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv2.90 of Modicon Momentum includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.2 HF003 (https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware). \u2022 On the Modicon Momentum CPU, update to firmware v2.90: https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0057"
],
"url": "https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0045"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0050"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with CVE-2018-7855, users should immediately apply the following steps: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\u2022 \u201cModicon MC80 Programmable Logic Controller (PLC) manual\u201d in the chapter \u201cAccess Control List (ACL)\u201d: https://www.se.com/ww/en/download/document/EIO0000002071/ \r\n\u2022 Setup a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/",
"product_ids": [
"CSAFPID-0055"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000002071/"
},
{
"category": "mitigation",
"details": "If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploitation: To mitigate the risks associated with Modbus weaknesses, users should immediately: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual, \u201cMomentum for EcoStruxure Control Expert - 171 CBU 78090, 171 CBU 98090, 171 CBU 98091 Processors\u201d manual in the chapter \u201cModbus Messaging and Access Control\u201d: https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124 \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Set up a VPN between the Modicon PLC controllers and the engineering workstation containing EcoStruxure Control Expert or Process Expert. Note: this functionality may be provided by an external IPSEC compatible firewall located close to the controller. ",
"product_ids": [
"CSAFPID-0057"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0081"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0081"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0045",
"CSAFPID-0050",
"CSAFPID-0055",
"CSAFPID-0057",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
}
],
"title": "CVE-2018-7855"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7856",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "An uncaught exception vulnerability exists which could cause a possible denial of service when writing invalid memory blocks to the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0080"
],
"known_affected": [
"CSAFPID-0044",
"CSAFPID-0048",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0079"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7856"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/248.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0044"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
"product_ids": [
"CSAFPID-0059"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
"product_ids": [
"CSAFPID-0060"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
"product_ids": [
"CSAFPID-0061"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
"product_ids": [
"CSAFPID-0062"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
"product_ids": [
"CSAFPID-0063"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
"product_ids": [
"CSAFPID-0064"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
"product_ids": [
"CSAFPID-0065"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
"product_ids": [
"CSAFPID-0066"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
"product_ids": [
"CSAFPID-0067"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
},
{
"category": "vendor_fix",
"details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
"product_ids": [
"CSAFPID-0079"
],
"url": "https://www.se.com/us/en/work/support/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0044"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0079"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0044",
"CSAFPID-0048",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0079"
]
}
],
"title": "CVE-2018-7856"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Dong Yang"
],
"organization": "Dingxiang Dongjian Security Lab"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7857",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "An uncaught exception vulnerability exists, which could cause a possible denial of service when writing out of bounds variables to the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0054",
"CSAFPID-0058",
"CSAFPID-0042"
],
"known_affected": [
"CSAFPID-0047",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0056",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081",
"CSAFPID-0082"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7857"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/248.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version v1.80 of Modicon MC80 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon MC80 controller, update to firmware V1.80 or above: https://www.se.com/ww/en/product-range/62396-modicon-mc80/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0053"
],
"url": "https://www.se.com/ww/en/product-range/62396-modicon-mc80/#software-and-firmware"
},
{
"category": "mitigation",
"details": "To mitigate the risks, users should immediately apply the following steps: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\u2022 \u201cModicon MC80 Programmable Logic Controller (PLC) manual\u201d in the chapter \u201cAccess Control List (ACL)\u201d: https://www.se.com/ww/en/download/document/EIO0000002071/ \r\n\u2022 Setup a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/",
"product_ids": [
"CSAFPID-0053"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000002071/"
},
{
"category": "vendor_fix",
"details": "Version sv2.90 of Modicon Momentum includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.2 HF003 (https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware). \u2022 On the Modicon Momentum CPU, update to firmware v2.90: https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0056"
],
"url": "https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware"
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus weaknesses, users should immediately: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual, \u201cMomentum for EcoStruxure Control Expert - 171 CBU 78090, 171 CBU 98090, 171 CBU 98091 Processors\u201d manual in the chapter \u201cModbus Messaging and Access Control\u201d: https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124 \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Set up a VPN between the Modicon PLC controllers and the engineering workstation containing EcoStruxure Control Expert or Process Expert. Note: this functionality may be provided by an external IPSEC compatible firewall located close to the controller. ",
"product_ids": [
"CSAFPID-0056"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124"
},
{
"category": "vendor_fix",
"details": "Version v15.1 of EcoStruxure Control Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware ",
"product_ids": [
"CSAFPID-0082"
],
"url": "https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware"
},
{
"category": "mitigation",
"details": "Customers should immediately apply the following mitigations to reduce the risk of exploit: \r\n\u2022 Ensure to use simulator default panel option to make PLC simulator accessible only locally. \r\n\u2022 Modbus network connections are disabled by default on the PLC Simulator present in EcoStruxure Control Expert, mitigating the risk associated to this vulnerability. \r\nNote: The PLC Simulator feature is part of the EcoStruxure Control Expert software, and it helps users to review and test their configurations files in a simulation environment. It is not intended to be used as a controller CPU in a production environment.",
"product_ids": [
"CSAFPID-0082"
]
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0047"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0052"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0081"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0081"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0047",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0056",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081",
"CSAFPID-0082"
]
}
],
"title": "CVE-2018-7857"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2019-6806",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "An information exposure vulnerability exists which could cause the disclosure of SNMP information when reading variables in the controller using Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0047",
"CSAFPID-0052",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6806"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0047"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0052"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0081"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0081"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0047",
"CSAFPID-0052",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
}
],
"title": "CVE-2019-6806"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2019-6807",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "An uncaught exception vulnerability exists which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051",
"CSAFPID-0054",
"CSAFPID-0058",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0080",
"CSAFPID-0042"
],
"known_affected": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0053",
"CSAFPID-0056",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0079",
"CSAFPID-0082"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6807"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/248.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "vendor_fix",
"details": "Version v1.80 of Modicon MC80 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon MC80 controller, update to firmware V1.80 or above: https://www.se.com/ww/en/product-range/62396-modicon-mc80/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0053"
],
"url": "https://www.se.com/ww/en/product-range/62396-modicon-mc80/#software-and-firmware"
},
{
"category": "mitigation",
"details": "To mitigate the risks, users should immediately apply the following steps: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\u2022 \u201cModicon MC80 Programmable Logic Controller (PLC) manual\u201d in the chapter \u201cAccess Control List (ACL)\u201d: https://www.se.com/ww/en/download/document/EIO0000002071/ \r\n\u2022 Setup a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/",
"product_ids": [
"CSAFPID-0053"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000002071/"
},
{
"category": "vendor_fix",
"details": "Version sv2.90 of Modicon Momentum includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.2 HF003 (https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware). \u2022 On the Modicon Momentum CPU, update to firmware v2.90: https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0056"
],
"url": "https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware"
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus weaknesses, users should immediately: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual, \u201cMomentum for EcoStruxure Control Expert - 171 CBU 78090, 171 CBU 98090, 171 CBU 98091 Processors\u201d manual in the chapter \u201cModbus Messaging and Access Control\u201d: https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124 \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Set up a VPN between the Modicon PLC controllers and the engineering workstation containing EcoStruxure Control Expert or Process Expert. Note: this functionality may be provided by an external IPSEC compatible firewall located close to the controller. ",
"product_ids": [
"CSAFPID-0056"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
"product_ids": [
"CSAFPID-0059"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
"product_ids": [
"CSAFPID-0060"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
"product_ids": [
"CSAFPID-0061"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
"product_ids": [
"CSAFPID-0062"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
"product_ids": [
"CSAFPID-0063"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
"product_ids": [
"CSAFPID-0064"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
"product_ids": [
"CSAFPID-0065"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
"product_ids": [
"CSAFPID-0066"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
"product_ids": [
"CSAFPID-0067"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
},
{
"category": "vendor_fix",
"details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
"product_ids": [
"CSAFPID-0079"
],
"url": "https://www.se.com/us/en/work/support/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0079"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
},
{
"category": "vendor_fix",
"details": "Version v15.1 of EcoStruxure Control Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware ",
"product_ids": [
"CSAFPID-0082"
],
"url": "https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware"
},
{
"category": "mitigation",
"details": "Customers should immediately apply the following mitigations to reduce the risk of exploit: \r\n\u2022 Ensure to use simulator default panel option to make PLC simulator accessible only locally. \r\n\u2022 Modbus network connections are disabled by default on the PLC Simulator present in EcoStruxure Control Expert, mitigating the risk associated to this vulnerability. \r\nNote: The PLC Simulator feature is part of the EcoStruxure Control Expert software, and it helps users to review and test their configurations files in a simulation environment. It is not intended to be used as a controller CPU in a production environment.",
"product_ids": [
"CSAFPID-0082"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0053",
"CSAFPID-0056",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0079",
"CSAFPID-0082"
]
}
],
"title": "CVE-2019-6807"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2019-6828",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "An uncaught exception vulnerability exists, which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0080"
],
"known_affected": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0079"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6828"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/248.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
"product_ids": [
"CSAFPID-0059"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
"product_ids": [
"CSAFPID-0060"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
"product_ids": [
"CSAFPID-0061"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
"product_ids": [
"CSAFPID-0062"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
"product_ids": [
"CSAFPID-0063"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
"product_ids": [
"CSAFPID-0064"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
"product_ids": [
"CSAFPID-0065"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
"product_ids": [
"CSAFPID-0066"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
"product_ids": [
"CSAFPID-0067"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
},
{
"category": "vendor_fix",
"details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
"product_ids": [
"CSAFPID-0079"
],
"url": "https://www.se.com/us/en/work/support/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0079"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0079"
]
}
],
"title": "CVE-2019-6828"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2019-6829",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "An uncaught exception vulnerability exists which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051"
],
"known_affected": [
"CSAFPID-0043",
"CSAFPID-0048"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6829"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/248.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0043",
"CSAFPID-0048"
]
}
],
"title": "CVE-2019-6829"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2019-6809",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "An uncaught exception vulnerability exists, which could cause a possible denial of service when reading invalid data from the controller.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0080"
],
"known_affected": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0079"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6809"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/248.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
"product_ids": [
"CSAFPID-0059"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
"product_ids": [
"CSAFPID-0060"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
"product_ids": [
"CSAFPID-0061"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
"product_ids": [
"CSAFPID-0062"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
"product_ids": [
"CSAFPID-0063"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
"product_ids": [
"CSAFPID-0064"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
"product_ids": [
"CSAFPID-0065"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
"product_ids": [
"CSAFPID-0066"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
"product_ids": [
"CSAFPID-0067"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
},
{
"category": "vendor_fix",
"details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
"product_ids": [
"CSAFPID-0079"
],
"url": "https://www.se.com/us/en/work/support/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0079"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0079"
]
}
],
"title": "CVE-2019-6809"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7844",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "An information exposure vulnerability exists, which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0047",
"CSAFPID-0052",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7844"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0047"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0052"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0081"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0081"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0047",
"CSAFPID-0052",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
}
],
"title": "CVE-2018-7844"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2019-6830",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "An uncaught exception vulnerability exists, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.2 | High | [CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046"
],
"known_affected": [
"CSAFPID-0044"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6830"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/248.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0044"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0044"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0044"
]
}
],
"title": "CVE-2019-6830"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Pavel Nesterov",
"Artem Zinenko"
],
"organization": "Kaspersky ICS CERT"
}
],
"cve": "CVE-2018-7848",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "An information exposure vulnerability exists, which could cause the disclosure of SNMP information when reading files from the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.2 | High | [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051"
],
"known_affected": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7848"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0081"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0081"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
}
],
"title": "CVE-2018-7848"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Pavel Nesterov",
"Artem Zinenko"
],
"organization": "Kaspersky ICS CERT"
}
],
"cve": "CVE-2018-7846",
"cwe": {
"id": "CWE-501",
"name": "Trust Boundary Violation"
},
"notes": [
{
"category": "description",
"text": "A trust boundary violation vulnerability on connection to the controller exists which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 6.9 | Medium | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"CSAFPID-0046",
"CSAFPID-0051"
],
"known_affected": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7846"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/501.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"CSAFPID-0043"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"CSAFPID-0048"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"CSAFPID-0068",
"CSAFPID-0078"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"CSAFPID-0081"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"CSAFPID-0081"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0043",
"CSAFPID-0048",
"CSAFPID-0068",
"CSAFPID-0078",
"CSAFPID-0081"
]
}
],
"title": "CVE-2018-7846"
}
]
}
SEVD-2019-134-11
Vulnerability from csaf_se - Published: 2019-05-14 16:48 - Updated: 2026-04-14 07:00Summary
Multiple Vulnerabilities in Modicon Controller Products
Notes
General Security Recommendations: We strongly recommend the following industry cybersecurity best practices.
* Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
* Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.
* Place all controllers in locked cabinets and never leave them in the “Program” mode.
* Never connect programming software to any network other than the network intended for that device.
* Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.
* Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.
* Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.
* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.
For more information refer to the Schneider Electric [Recommended Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) document.
For More Information: This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process.
For further information related to cybersecurity in Schneider Electric's products, visit the company's cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp
LEGAL DISCLAIMER: THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS “NOTIFICATION”) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN “AS-IS” BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION
About Schneider Electric: Schneider's purpose is to create Impact by empowering all to make the most of our energy and resources, bridging progress and
sustainability for all. We call this Life Is On.
Our mission is to be the trusted partner in Sustainability and Efficiency.
We are a global industrial technology leader bringing world-leading expertise in electrification, automation and digitization to smart
industries, resilient infrastructure, future-proof data centers, intelligent buildings, and intuitive homes. Anchored by our deep
domain expertise, we provide integrated end-to-end lifecycle AI enabled Industrial IoT solutions with connected products, automation,
software and services, delivering digital twins to enable profitable growth for our customers.
We are a people company with an ecosystem of 150,000 colleagues and more than a million partners operating in over 100 countries
to ensure proximity to our customers and stakeholders. We embrace diversity and inclusion in everything we do, guided by our
meaningful purpose of a sustainable future for all.
www.se.com
Overview: Schneider Electric is aware of multiple vulnerabilities in its Modicon Controller products.
The [Modicon Programmable Automation controllers](https://www.se.com/ww/en/product-subcategory/3950-pac-programmable-automation-controllers/) are used for complex networked communication, display
and control applications
Failure to apply the mitigations or remediations provided below may risk execution of unsolicited command on
the PLC which could result in a loss of availability of the controller.
The severity of vulnerabilities was calculated using the CVSS Base metrics for 4.0 ([CVSS v4.0](https://www.first.org/cvss/calculator/4.0)). CVSS v3.1
will be still evaluated until the adoption of CVSS v4.0 by the industry. The severity was calculated without
incorporating the Temporal and Environmental metrics. Schneider Electric recommends that customers score the CVSS Environmental metrics, which are specific to end-user organizations, and consider factors such as
the presence of mitigations in that environment. Environmental metrics may refine the relative severity posed by the vulnerabilities described in this document within a customer's environment.
Customers should use appropriate patching methodologies when applying these patches to their systems. We strongly recommend the use of back-ups and evaluating the impact of these patches in a Test and Development environment or on an offline infrastructure. Contact Schneider Electric's [Customer Care Center](https://www.se.com/us/en/work/support/contacts.jsp) if you need assistance removing a patch.
CWE-284: Improper Access Control vulnerability exists, which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.
10 (Critical)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 34 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 39 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 68 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 78 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 81 | — |
No Fix Planned
Mitigation
fix
|
CWE-284: Improper Access Control vulnerability exists which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.
9.8 (Critical)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 34 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 39 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 68 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 78 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 81 | — |
No Fix Planned
Mitigation
fix
|
CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists which could cause invalid information displayed in Unity Pro software.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 34 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 39 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 68 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 78 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 81 | — |
No Fix Planned
Mitigation
fix
|
CWE-248: Uncaught Exception vulnerability exists which could cause a possible Denial of Service due to improper data integrity check when sending files to the controller over Modbus.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 34 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 39 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 68 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 78 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 81 | — |
No Fix Planned
Mitigation
fix
|
CWE-290: Authentication Bypass by Spoofing vulnerability exists which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 34 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 39 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 68 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 78 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 81 | — |
No Fix Planned
Mitigation
fix
|
CWE-248: Uncaught Exception vulnerability exists which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — | ||
| Unresolved product id: 69 | — | ||
| Unresolved product id: 70 | — | ||
| Unresolved product id: 71 | — | ||
| Unresolved product id: 72 | — | ||
| Unresolved product id: 73 | — | ||
| Unresolved product id: 74 | — | ||
| Unresolved product id: 75 | — | ||
| Unresolved product id: 76 | — | ||
| Unresolved product id: 77 | — | ||
| Unresolved product id: 80 | — |
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 35 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 39 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 59 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 60 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 61 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 62 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 63 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 64 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 65 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 66 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 67 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 79 | — |
Vendor Fix
fix
Mitigation
fix
|
CWE-125: Out-of-bounds Read vulnerability exists, which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — | ||
| Unresolved product id: 69 | — | ||
| Unresolved product id: 70 | — | ||
| Unresolved product id: 71 | — | ||
| Unresolved product id: 72 | — | ||
| Unresolved product id: 73 | — | ||
| Unresolved product id: 74 | — | ||
| Unresolved product id: 75 | — | ||
| Unresolved product id: 76 | — | ||
| Unresolved product id: 77 | — | ||
| Unresolved product id: 80 | — |
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 35 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 40 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 59 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 60 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 61 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 62 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 63 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 64 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 65 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 66 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 67 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 79 | — |
Vendor Fix
fix
Mitigation
fix
|
CWE-248: Uncaught Exception vulnerability exists which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — | ||
| Unresolved product id: 69 | — | ||
| Unresolved product id: 70 | — | ||
| Unresolved product id: 71 | — | ||
| Unresolved product id: 72 | — | ||
| Unresolved product id: 73 | — | ||
| Unresolved product id: 74 | — | ||
| Unresolved product id: 75 | — | ||
| Unresolved product id: 76 | — | ||
| Unresolved product id: 77 | — | ||
| Unresolved product id: 80 | — |
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 35 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 40 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 59 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 60 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 61 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 62 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 63 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 64 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 65 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 66 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 67 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 78 | — |
Mitigation
fix
|
|
| Unresolved product id: 79 | — |
Vendor Fix
fix
Mitigation
fix
|
CWE-248: Uncaught Exception vulnerability exists, which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus.
7.5 (High)
CWE-248 Uncaught Exception vulnerability exists which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — |
CWE-248 Uncaught Exception vulnerability exists, which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — | ||
| Unresolved product id: 49 | — |
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 36 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 41 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 46 | — |
Mitigation
fix
|
|
| Unresolved product id: 48 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 68 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 78 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 81 | — |
No Fix Planned
Mitigation
fix
|
CWE-248: Uncaught Exception vulnerability exists which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — | ||
| Unresolved product id: 69 | — | ||
| Unresolved product id: 70 | — | ||
| Unresolved product id: 71 | — | ||
| Unresolved product id: 72 | — | ||
| Unresolved product id: 73 | — | ||
| Unresolved product id: 74 | — | ||
| Unresolved product id: 75 | — | ||
| Unresolved product id: 76 | — | ||
| Unresolved product id: 77 | — | ||
| Unresolved product id: 80 | — |
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 35 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 39 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 59 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 60 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 61 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 62 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 63 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 64 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 65 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 66 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 67 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 79 | — |
Vendor Fix
fix
Mitigation
fix
|
CWE-248: Uncaught Exception vulnerability exists, which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 45 | — | ||
| Unresolved product id: 49 | — | ||
|
EcoStruxure Control Expert Version 15.1
Schneider Electric / EcoStruxure Control Expert
|
15.1 |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 38 | — |
Mitigation
fix
|
|
| Unresolved product id: 43 | — |
Mitigation
fix
|
|
| Unresolved product id: 44 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 47 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 68 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 78 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 81 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 82 | — |
Vendor Fix
fix
Mitigation
|
CWE-200: Information Exposure vulnerability exists which could cause the disclosure of SNMP information when reading variables in the controller using Modbus.
7.5 (High)
Affected products
Known affected
5 products
CWE-248: Uncaught Exception vulnerability exists which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus.
7.5 (High)
Affected products
Fixed
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — | ||
| Unresolved product id: 45 | — | ||
| Unresolved product id: 49 | — | ||
| Unresolved product id: 69 | — | ||
| Unresolved product id: 70 | — | ||
| Unresolved product id: 71 | — | ||
| Unresolved product id: 72 | — | ||
| Unresolved product id: 73 | — | ||
| Unresolved product id: 74 | — | ||
| Unresolved product id: 75 | — | ||
| Unresolved product id: 76 | — | ||
| Unresolved product id: 77 | — | ||
| Unresolved product id: 80 | — | ||
|
EcoStruxure Control Expert Version 15.1
Schneider Electric / EcoStruxure Control Expert
|
15.1 |
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 34 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 39 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 44 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 47 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 59 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 60 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 61 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 62 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 63 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 64 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 65 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 66 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 67 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 79 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 82 | — |
Vendor Fix
fix
Mitigation
|
CWE-248: Uncaught Exception vulnerability exists, which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — | ||
| Unresolved product id: 69 | — | ||
| Unresolved product id: 70 | — | ||
| Unresolved product id: 71 | — | ||
| Unresolved product id: 72 | — | ||
| Unresolved product id: 73 | — | ||
| Unresolved product id: 74 | — | ||
| Unresolved product id: 75 | — | ||
| Unresolved product id: 76 | — | ||
| Unresolved product id: 77 | — | ||
| Unresolved product id: 80 | — |
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 34 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 39 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 59 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 60 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 61 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 62 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 63 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 64 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 65 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 66 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 67 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 79 | — |
Vendor Fix
fix
Mitigation
fix
|
CWE-248: Uncaught Exception vulnerability exists which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — |
CWE-248: Uncaught Exception vulnerability exists, which could cause a possible denial of service when reading invalid data from the controller.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — | ||
| Unresolved product id: 69 | — | ||
| Unresolved product id: 70 | — | ||
| Unresolved product id: 71 | — | ||
| Unresolved product id: 72 | — | ||
| Unresolved product id: 73 | — | ||
| Unresolved product id: 74 | — | ||
| Unresolved product id: 75 | — | ||
| Unresolved product id: 76 | — | ||
| Unresolved product id: 77 | — | ||
| Unresolved product id: 80 | — |
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 34 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 39 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 59 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 60 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 61 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 62 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 63 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 64 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 65 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 66 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 67 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 79 | — |
Vendor Fix
fix
Mitigation
fix
|
CWE-200: Information Exposure vulnerability exists, which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.
7.5 (High)
Affected products
Known affected
5 products
CWE-248: Uncaught Exception vulnerability exists, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.
5.9 (Medium)
CWE-200: Information Exposure vulnerability exists, which could cause the disclosure of SNMP information when reading files from the controller over Modbus.
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 34 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 39 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 68 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 78 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 81 | — |
No Fix Planned
Mitigation
fix
|
CWE-501: Trust Boundary Violation vulnerability on connection to the controller exists which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 37 | — | ||
| Unresolved product id: 42 | — |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 34 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 39 | — |
Vendor Fix
fix
Mitigation
fix
|
|
| Unresolved product id: 68 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 78 | — |
No Fix Planned
Mitigation
fix
|
|
| Unresolved product id: 81 | — |
No Fix Planned
Mitigation
fix
|
References
3 references
Acknowledgments
Cisco Talos
Jared Rittle
nsfocus
Gao Jian
Kaspersky ICS CERT
Pavel Nesterov
Artem Zinenko
Dingxiang Dongjian Security Lab
Dong Yang
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "We strongly recommend the following industry cybersecurity best practices.\n\n* Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.\n* Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.\n* Place all controllers in locked cabinets and never leave them in the \u201cProgram\u201d mode.\n* Never connect programming software to any network other than the network intended for that device.\n* Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.\n* Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.\n* Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.\n* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.\n\nFor more information refer to the Schneider Electric [Recommended Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) document.",
"title": "General Security Recommendations"
},
{
"category": "general",
"text": "This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process.\n\nFor further information related to cybersecurity in Schneider Electric\u0027s products, visit the company\u0027s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp",
"title": "For More Information"
},
{
"category": "legal_disclaimer",
"text": "THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS \u201cNOTIFICATION\u201d) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN \u201cAS-IS\u201d BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION",
"title": "LEGAL DISCLAIMER"
},
{
"category": "general",
"text": "Schneider\u0027s purpose is to create Impact by empowering all to make the most of our energy and resources, bridging progress and\r\nsustainability for all. We call this Life Is On.\n\nOur mission is to be the trusted partner in Sustainability and Efficiency.\n\nWe are a global industrial technology leader bringing world-leading expertise in electrification, automation and digitization to smart\r\nindustries, resilient infrastructure, future-proof data centers, intelligent buildings, and intuitive homes. Anchored by our deep\r\ndomain expertise, we provide integrated end-to-end lifecycle AI enabled Industrial IoT solutions with connected products, automation,\r\nsoftware and services, delivering digital twins to enable profitable growth for our customers.\n\nWe are a people company with an ecosystem of 150,000 colleagues and more than a million partners operating in over 100 countries\r\nto ensure proximity to our customers and stakeholders. We embrace diversity and inclusion in everything we do, guided by our\r\nmeaningful purpose of a sustainable future for all. \n\n www.se.com",
"title": "About Schneider Electric"
},
{
"category": "summary",
"text": "Schneider Electric is aware of multiple vulnerabilities in its Modicon Controller products. \r\nThe [Modicon Programmable Automation controllers](https://www.se.com/ww/en/product-subcategory/3950-pac-programmable-automation-controllers/) are used for complex networked communication, display \r\nand control applications \r\nFailure to apply the mitigations or remediations provided below may risk execution of unsolicited command on \r\nthe PLC which could result in a loss of availability of the controller.",
"title": "Overview"
},
{
"category": "other",
"text": "The severity of vulnerabilities was calculated using the CVSS Base metrics for 4.0 ([CVSS v4.0](https://www.first.org/cvss/calculator/4.0)). CVSS v3.1 \nwill be still evaluated until the adoption of CVSS v4.0 by the industry. The severity was calculated without \nincorporating the Temporal and Environmental metrics. Schneider Electric recommends that customers score the CVSS Environmental metrics, which are specific to end-user organizations, and consider factors such as \nthe presence of mitigations in that environment. Environmental metrics may refine the relative severity posed by the vulnerabilities described in this document within a customer\u0027s environment."
},
{
"category": "other",
"text": "Customers should use appropriate patching methodologies when applying these patches to their systems. We strongly recommend the use of back-ups and evaluating the impact of these patches in a Test and Development environment or on an offline infrastructure. Contact Schneider Electric\u0027s [Customer Care Center](https://www.se.com/us/en/work/support/contacts.jsp) if you need assistance removing a patch. "
}
],
"publisher": {
"category": "vendor",
"contact_details": "cpcert@se.com",
"name": "Schneider Electric CPCERT",
"namespace": "https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp"
},
"references": [
{
"category": "self",
"summary": "Multiple Vulnerabilities in Modicon Controller Products - SEVD-2019-134-11 PDF Version",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-134-11_Modicon_Controllers_Security_Notification.pdf"
},
{
"category": "self",
"summary": "Multiple Vulnerabilities in Modicon Controller Products - SEVD-2019-134-11 CSAF Version",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2019-134-11.json"
},
{
"category": "external",
"summary": "Recommended Cybersecurity Best Practices",
"url": "https://www.se.com/ww/en/download/document/7EN52-0390/"
}
],
"title": "Multiple Vulnerabilities in Modicon Controller Products",
"tracking": {
"current_release_date": "2026-04-14T07:00:00.000Z",
"generator": {
"date": "2026-04-13T20:08:52.646Z",
"engine": {
"name": "Schneider Electric CSAF Generator",
"version": "1.2"
}
},
"id": "SEVD-2019-134-11",
"initial_release_date": "2019-05-14T16:48:40.000Z",
"revision_history": [
{
"date": "2019-05-14T16:48:40.000Z",
"number": "1.0.0",
"summary": "Original Release"
},
{
"date": "2019-07-09T16:48:40.000Z",
"number": "1.1.0",
"summary": "Updated to include links to M580 V2.90 Firmware and Control Expert Hot Fix v14.0"
},
{
"date": "2019-07-12T16:48:40.000Z",
"number": "1.2.0",
"summary": "Updated mitigations for CVE-2019-6808"
},
{
"date": "2019-07-24T16:48:40.000Z",
"number": "1.3.0",
"summary": "Updated links to M580 v2.90 Firmware"
},
{
"date": "2019-08-13T16:48:40.000Z",
"number": "2.0.0",
"summary": "Updated: \r\n\u2022 CVE-2018-7846: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7849: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7848: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7842: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7847: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7850: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7854: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7852: modified to change M580 release which was erroneous (2.80 \r\ninstead of 2.90) \r\n\u2022 CVE-2018-7855: added fix available for M340 v3.10 \r\n\u2022 CVE-2019-6807: added fix available for M340 v3.10 \r\n\u2022 CVE-2019-6808: added fix available for M340 V3.10 \r\n\u2022 CVE-2018-7843: modified to change M340 release which was erroneous (3.01 \r\ninstead of 3.10) \r\n\u2022 CVE-2018-7856: added fix on M340 v3.10 (available earlier than expected) \r\n \r\nAdded 4 new CVEs: \r\n\u2022 CVE-2019-6830 \r\n\u2022 CVE-2019-6828 \r\n\u2022 CVE-2019-6829 \r\n\u2022 CVE-2019-6809"
},
{
"date": "2019-12-10T16:48:40.000Z",
"number": "3.0.0",
"summary": "Updated: \r\n\u2022 CVE-2019-6806: Corrected remediation information for Modicon M340 \r\n\u2022 CVE-2018-7845: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2018-7843: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2019-6809: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2019-6807: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2018-7857: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2018-7856: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2018-7852: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2019-6828: Fix for Premium \u0026 Quantum \r\n\u2022 Update of download links for latest versions of M580 / M340 \u0026 Quantum, plus \r\ncustomer support information for Premium. "
},
{
"date": "2020-05-12T16:48:40.000Z",
"number": "4.0.0",
"summary": "Updated fix version information for CVE-2018-7857"
},
{
"date": "2020-08-11T16:48:40.000Z",
"number": "4.1.0",
"summary": "Updated fix version information for CVE-2018-7857: \r\n\u2022 Additional fixes available for M580 v3.10 \r\n\u2022 Quantum \u0026 Premium previous fix is not enough to correct the CVE and \r\nrequires the additional mitigations proposed"
},
{
"date": "2020-10-12T16:48:40.000Z",
"number": "5.0.0",
"summary": "Additional required remediation steps added for M580 and M340 applicable to the \r\nfollowing CVEs: \r\n\u2022 CVE-2018-7846 \r\n\u2022 CVE-2018-7849 \r\n\u2022 CVE-2018-7843 \r\n\u2022 CVE-2018-7848 \r\n\u2022 CVE-2018-7842 \r\n\u2022 CVE-2018-7847 \r\n\u2022 CVE-2018-7850 \r\n\u2022 CVE-2018-7845 \r\n\u2022 CVE-2018-7852 \r\n\u2022 CVE-2018-7853 \r\n\u2022 CVE-2018-7854 \r\n\u2022 CVE-2018-7855 \r\n\u2022 CVE-2018-7856 \r\n\u2022 CVE-2018-7857 \r\n\u2022 CVE-2019-6807 \r\n\u2022 CVE-2019-6808 \r\n\u2022 CVE-2019-6830 \r\n\u2022 CVE-2019-6828 \r\n\u2022 CVE-2019-6829 \r\n\u2022 CVE-2019-6809"
},
{
"date": "2020-12-08T16:48:40.000Z",
"number": "6.0.0",
"summary": "A fix for additional attack scenario is available on M340 v3.30 for \r\nCVE-2018-7857."
},
{
"date": "2022-09-13T16:48:40.000Z",
"number": "7.0.0",
"summary": "Modicon MC80 and PLC Simulator for EcoStruxure\u2122 Control Expert were added as \r\nimpacted product of CVE-2018-7857 and CVE-2019-6807 and the remediation is provided."
},
{
"date": "2023-01-10T16:48:40.000Z",
"number": "8.0.0",
"summary": "Modicon M340 and M580 latest firmware versions are affected by CVE-2018-7855 and \r\nadditional mitigations were added in the mitigation section."
},
{
"date": "2023-03-14T16:48:40.000Z",
"number": "9.0.0",
"summary": "A remediation is available for Modicon Momentum Unity M1E Processor part numbers \r\n171CBU* for CVE-2018-7857 and CVE-2019-6807 "
},
{
"date": "2024-02-13T16:48:40.000Z",
"number": "10.0.0",
"summary": "A remediation is available for Modicon M340 and M580 for CVE-2018-7855. Updated \r\nproducts affected version numbers."
},
{
"date": "2024-07-09T16:48:40.000Z",
"number": "11.0.0",
"summary": "Modicon MC80 and Momentum M1E PLCs were added as impacted products of CVE\r\n2018-7855. Mitigations are available for Modicon MC80 and Momentum M1E PLCs for \r\nCVE-2018-7855."
},
{
"date": "2025-02-11T16:48:40.000Z",
"number": "12.0.0",
"summary": "Correction of CVE list impacting Quantum Safety processor."
},
{
"date": "2026-04-14T07:00:00.000Z",
"number": "13.0.0",
"summary": "Remediation is available for CVE-2018-7855 in Modicon Momentum controller (Page 9)"
}
],
"status": "final",
"version": "13.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Modicon M580 Controller",
"product": {
"name": "Modicon M580 Controller",
"product_id": "1"
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.90",
"product": {
"name": "Modicon M580 Firmware Versions prior to v2.90",
"product_id": "2"
}
},
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.80",
"product": {
"name": "Modicon M580 Firmware Versions prior to v2.80",
"product_id": "3"
}
},
{
"category": "product_version_range",
"name": "vers:intdot/\u003c4.20",
"product": {
"name": "Modicon M580 Firmware Versions prior to v4.20",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "4.20",
"product": {
"name": "Modicon M580 Firmware Version 4.20",
"product_id": "5"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Modicon M580 Firmware All Versions",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "Modicon M580 Firmware"
},
{
"category": "product_name",
"name": "Modicon M340 Controller",
"product": {
"name": "Modicon M340 Controller",
"product_id": "7"
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.10",
"product": {
"name": "Modicon M340 Firmware Versions prior to v3.10",
"product_id": "8"
}
},
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.01",
"product": {
"name": "Modicon M340 Firmware Versions prior to v3.01",
"product_id": "9"
}
},
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.60",
"product": {
"name": "Modicon M340 Firmware Versions prior to v3.60",
"product_id": "10"
}
},
{
"category": "product_version",
"name": "3.60",
"product": {
"name": "Modicon M340 Firmware Version 3.60",
"product_id": "11"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Modicon M340 Firmware All Versions",
"product_id": "12"
}
}
],
"category": "product_name",
"name": "Modicon M340 Firmware"
},
{
"category": "product_name",
"name": "Modicon MC80 Controller",
"product": {
"name": "Modicon MC80 Controller",
"product_id": "13"
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c1.80",
"product": {
"name": "Modicon MC80 Firmware Versions prior to v1.80",
"product_id": "14"
}
},
{
"category": "product_version",
"name": "1.80",
"product": {
"name": "Modicon MC80 Firmware Version 1.80",
"product_id": "15"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Modicon MC80 Firmware All Versions",
"product_id": "16"
}
}
],
"category": "product_name",
"name": "Modicon MC80 Firmware"
},
{
"category": "product_name",
"name": "Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
"product": {
"name": "Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
"product_id": "17"
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003cSV2.6",
"product": {
"name": "Modicon Momentum Unity M1E Processor Firmware Versions prior to sv2.6",
"product_id": "18"
}
},
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.90",
"product": {
"name": "Modicon Momentum Unity M1E Processor Firmware Versions prior to v2.90",
"product_id": "19"
}
},
{
"category": "product_version",
"name": "2.90",
"product": {
"name": "Modicon Momentum Unity M1E Processor Firmware Version 2.90",
"product_id": "20"
}
}
],
"category": "product_name",
"name": "Modicon Momentum Unity M1E Processor Firmware"
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "21"
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "50",
"product_identification_helper": {
"model_numbers": [
"140CPU65150 [C]",
"140CPU65160 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "51",
"product_identification_helper": {
"model_numbers": [
"140CPU65260 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "52",
"product_identification_helper": {
"model_numbers": [
"140CPU67261 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "53",
"product_identification_helper": {
"model_numbers": [
"140CPU67060 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "54",
"product_identification_helper": {
"model_numbers": [
"140CPU67160 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "55",
"product_identification_helper": {
"model_numbers": [
"140CPU67261 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "56",
"product_identification_helper": {
"model_numbers": [
"140CPU67260 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "57",
"product_identification_helper": {
"model_numbers": [
"140CPU65860 [C]"
]
}
}
},
{
"category": "product_name",
"name": "Modicon Quantum Controller",
"product": {
"name": "Modicon Quantum Controller",
"product_id": "58",
"product_identification_helper": {
"model_numbers": [
"140CPU67861 [C]"
]
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.60",
"product": {
"name": "Modicon Quantum Firmware Versions prior to v3.60",
"product_id": "22"
}
},
{
"category": "product_version",
"name": "3.60",
"product": {
"name": "Modicon Quantum Firmware Version 3.60",
"product_id": "23"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Modicon Quantum Firmware All Versions",
"product_id": "24"
}
}
],
"category": "product_name",
"name": "Modicon Quantum Firmware"
},
{
"category": "product_name",
"name": "Modicon Quantum Safety Controller",
"product": {
"name": "Modicon Quantum Safety Controller",
"product_id": "25"
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Modicon Quantum Safety Firmware All Versions",
"product_id": "26"
}
}
],
"category": "product_name",
"name": "Modicon Quantum Safety Firmware"
},
{
"category": "product_name",
"name": "Modicon Premium Controller",
"product": {
"name": "Modicon Premium Controller",
"product_id": "27"
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.20",
"product": {
"name": "Modicon Premium Firmware Versions prior to v3.20",
"product_id": "28"
}
},
{
"category": "product_version",
"name": "3.20",
"product": {
"name": "Modicon Premium Firmware Version 3.20",
"product_id": "29"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Modicon Premium Firmware All Versions",
"product_id": "30"
}
}
],
"category": "product_name",
"name": "Modicon Premium Firmware"
},
{
"branches": [
{
"category": "product_name",
"name": "PLC Simulator",
"product": {
"name": "PLC Simulator",
"product_id": "31"
}
}
],
"category": "product_name",
"name": "PLC Simulator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c15.1",
"product": {
"name": "EcoStruxure Control Expert Versions prior to v15.1",
"product_id": "32"
}
},
{
"category": "product_version",
"name": "15.1",
"product": {
"name": "EcoStruxure Control Expert Version 15.1",
"product_id": "33"
}
}
],
"category": "product_name",
"name": "EcoStruxure Control Expert"
}
],
"category": "vendor",
"name": "Schneider Electric"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M580 Firmware Versions prior to v2.90 installed on Modicon M580 Controller",
"product_id": "34"
},
"product_reference": "2",
"relates_to_product_reference": "1"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M580 Firmware Versions prior to v2.80 installed on Modicon M580 Controller",
"product_id": "35"
},
"product_reference": "3",
"relates_to_product_reference": "1"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M580 Firmware Versions prior to v4.20 installed on Modicon M580 Controller (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)",
"product_id": "36"
},
"product_reference": "4",
"relates_to_product_reference": "1"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M580 Firmware Version 4.20 installed on Modicon M580 Controller",
"product_id": "37"
},
"product_reference": "5",
"relates_to_product_reference": "1"
},
{
"category": "installed_with",
"full_product_name": {
"name": "Modicon M580 Firmware All Versions installed with Modicon M580 Controller",
"product_id": "38"
},
"product_reference": "6",
"relates_to_product_reference": "1"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M340 Firmware Versions prior to v3.10 installed on Modicon M340 Controller",
"product_id": "39"
},
"product_reference": "8",
"relates_to_product_reference": "7"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M340 Firmware Versions prior to v3.01 installed on Modicon M340 Controller",
"product_id": "40"
},
"product_reference": "9",
"relates_to_product_reference": "7"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M340 Firmware Versions prior to v3.60 installed on Modicon M340 Controller (part numbers BMXP34*)",
"product_id": "41"
},
"product_reference": "10",
"relates_to_product_reference": "7"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M340 Firmware Version 3.60 installed on Modicon M340 Controller",
"product_id": "42"
},
"product_reference": "11",
"relates_to_product_reference": "7"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon M340 Firmware All Versions installed on Modicon M340 Controller",
"product_id": "43"
},
"product_reference": "12",
"relates_to_product_reference": "7"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon MC80 Firmware Versions prior to v1.80 installed on Modicon MC80 Controller (BMKC8020301)",
"product_id": "44"
},
"product_reference": "14",
"relates_to_product_reference": "13"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon MC80 Firmware Version 1.80 installed on Modicon MC80 Controller",
"product_id": "45"
},
"product_reference": "15",
"relates_to_product_reference": "13"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon MC80 Firmware All Versions installed on Modicon MC80 Controller",
"product_id": "46"
},
"product_reference": "16",
"relates_to_product_reference": "13"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Momentum Unity M1E Processor Firmware Versions prior to sv2.6 installed on Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
"product_id": "47"
},
"product_reference": "18",
"relates_to_product_reference": "17"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Momentum Unity M1E Processor Firmware Versions prior to v2.90 installed on Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
"product_id": "48"
},
"product_reference": "19",
"relates_to_product_reference": "17"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Momentum Unity M1E Processor Firmware Version 2.90 installed on Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
"product_id": "49"
},
"product_reference": "20",
"relates_to_product_reference": "17"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU65150 [C] \u0026 140CPU65160 [C]",
"product_id": "59"
},
"product_reference": "22",
"relates_to_product_reference": "50"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU65260 [C]",
"product_id": "60"
},
"product_reference": "22",
"relates_to_product_reference": "51"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67261 [C]",
"product_id": "61"
},
"product_reference": "22",
"relates_to_product_reference": "52"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67060 [C]",
"product_id": "62"
},
"product_reference": "22",
"relates_to_product_reference": "53"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67160 [C]",
"product_id": "63"
},
"product_reference": "22",
"relates_to_product_reference": "54"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67261 [C]",
"product_id": "64"
},
"product_reference": "22",
"relates_to_product_reference": "55"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67260 [C]",
"product_id": "65"
},
"product_reference": "22",
"relates_to_product_reference": "56"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU65860 [C]",
"product_id": "66"
},
"product_reference": "22",
"relates_to_product_reference": "57"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67861 [C]",
"product_id": "67"
},
"product_reference": "22",
"relates_to_product_reference": "58"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware All Versions installed on Modicon Quantum Controller",
"product_id": "68"
},
"product_reference": "24",
"relates_to_product_reference": "21"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU65150 [C] \u0026 140CPU65160 [C]",
"product_id": "69"
},
"product_reference": "23",
"relates_to_product_reference": "50"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU65260 [C]",
"product_id": "70"
},
"product_reference": "23",
"relates_to_product_reference": "51"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67261 [C]",
"product_id": "71"
},
"product_reference": "23",
"relates_to_product_reference": "52"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67060 [C]",
"product_id": "72"
},
"product_reference": "23",
"relates_to_product_reference": "53"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67160 [C]",
"product_id": "73"
},
"product_reference": "23",
"relates_to_product_reference": "54"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67261 [C]",
"product_id": "74"
},
"product_reference": "23",
"relates_to_product_reference": "55"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67260 [C]",
"product_id": "75"
},
"product_reference": "23",
"relates_to_product_reference": "56"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU65860 [C]",
"product_id": "76"
},
"product_reference": "23",
"relates_to_product_reference": "57"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67861 [C]",
"product_id": "77"
},
"product_reference": "23",
"relates_to_product_reference": "58"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Quantum Safety Firmware All Versions installed on Modicon Quantum Safety Controller",
"product_id": "78"
},
"product_reference": "26",
"relates_to_product_reference": "25"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Premium Firmware Versions prior to v3.20 installed on Modicon Premium Controller",
"product_id": "79"
},
"product_reference": "28",
"relates_to_product_reference": "27"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Premium Firmware Version 3.20 installed on Modicon Premium Controller",
"product_id": "80"
},
"product_reference": "29",
"relates_to_product_reference": "27"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Modicon Premium Firmware All Versions installed on Modicon Premium Controller",
"product_id": "81"
},
"product_reference": "30",
"relates_to_product_reference": "27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "PLC Simulator default component of EcoStruxure Control Expert Versions prior to v15.1",
"product_id": "82"
},
"product_reference": "31",
"relates_to_product_reference": "32"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2019-6808",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "description",
"text": "CWE-284: Improper Access Control vulnerability exists, which could cause a remote code execution by \r\noverwriting configuration settings of the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 10.0 | Critical | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42"
],
"known_affected": [
"34",
"39",
"68",
"78",
"81"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"68",
"78"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"68",
"78"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"81"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"81"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"34",
"39",
"68",
"78",
"81"
]
}
],
"title": "CVE-2019-6808"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Pavel Nesterov",
"Artem Zinenko"
],
"organization": "Kaspersky ICS CERT"
}
],
"cve": "CVE-2018-7847",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "description",
"text": "CWE-284: Improper Access Control vulnerability exists which could cause denial of service or potential code \r\nexecution by overwriting configuration settings of the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 9.3 | Critical | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42"
],
"known_affected": [
"34",
"39",
"68",
"78",
"81"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"68",
"78"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"68",
"78"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"81"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"81"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"34",
"39",
"68",
"78",
"81"
]
}
],
"title": "CVE-2018-7847"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7850",
"cwe": {
"id": "CWE-807",
"name": "Reliance on Untrusted Inputs in a Security Decision"
},
"notes": [
{
"category": "description",
"text": "CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists which could cause invalid \r\ninformation displayed in Unity Pro software.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42"
],
"known_affected": [
"34",
"39",
"68",
"78",
"81"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"68",
"78"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"68",
"78"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"81"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"81"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"34",
"39",
"68",
"78",
"81"
]
}
],
"title": "CVE-2018-7850"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Pavel Nesterov",
"Artem Zinenko"
],
"organization": "Kaspersky ICS CERT"
}
],
"cve": "CVE-2018-7849",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "CWE-248: Uncaught Exception vulnerability exists which could cause a possible Denial of Service due to \r\nimproper data integrity check when sending files to the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42"
],
"known_affected": [
"34",
"39",
"68",
"78",
"81"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"68",
"78"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"68",
"78"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"81"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"81"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"34",
"39",
"68",
"78",
"81"
]
}
],
"title": "CVE-2018-7849"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Pavel Nesterov",
"Artem Zinenko"
],
"organization": "Kaspersky ICS CERT"
}
],
"cve": "CVE-2018-7842",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "description",
"text": "CWE-290: Authentication Bypass by Spoofing vulnerability exists which could cause an elevation of privilege \r\nby conducting a brute force attack on Modbus parameters sent to the controller.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42"
],
"known_affected": [
"34",
"39",
"68",
"78",
"81"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"68",
"78"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"68",
"78"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"81"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"81"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"34",
"39",
"68",
"78",
"81"
]
}
],
"title": "CVE-2018-7842"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7843",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "CWE-248: Uncaught Exception vulnerability exists which could cause denial of service when reading memory \r\nblocks with an invalid data size or with an invalid data offset in the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42",
"69",
"70",
"71",
"72",
"73",
"74",
"75",
"76",
"77",
"80"
],
"known_affected": [
"35",
"39",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"79"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"35"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
"product_ids": [
"59"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
"product_ids": [
"60"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
"product_ids": [
"61"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
"product_ids": [
"62"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
"product_ids": [
"63"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
"product_ids": [
"64"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
"product_ids": [
"65"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
"product_ids": [
"66"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
"product_ids": [
"67"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
},
{
"category": "vendor_fix",
"details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
"product_ids": [
"79"
],
"url": "https://www.se.com/us/en/work/support/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"35"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"79"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"35",
"39",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"79"
]
}
],
"title": "CVE-2018-7843"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7845",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "CWE-125: Out-of-bounds Read vulnerability exists, which could cause the disclosure of unexpected data from \r\nthe controller when reading specific memory blocks in the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42",
"69",
"70",
"71",
"72",
"73",
"74",
"75",
"76",
"77",
"80"
],
"known_affected": [
"35",
"40",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"79"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"35"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"40"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
"product_ids": [
"59"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
"product_ids": [
"60"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
"product_ids": [
"61"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
"product_ids": [
"62"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
"product_ids": [
"63"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
"product_ids": [
"64"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
"product_ids": [
"65"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
"product_ids": [
"66"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
"product_ids": [
"67"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
},
{
"category": "vendor_fix",
"details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
"product_ids": [
"79"
],
"url": "https://www.se.com/us/en/work/support/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"35"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"40"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"79"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"35",
"40",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"79"
]
}
],
"title": "CVE-2018-7845"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7852",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "CWE-248: Uncaught Exception vulnerability exists which could cause denial of service when an invalid private \r\ncommand parameter is sent to the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42",
"69",
"70",
"71",
"72",
"73",
"74",
"75",
"76",
"77",
"80"
],
"known_affected": [
"35",
"40",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"78",
"79"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"35"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"40"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
"product_ids": [
"59"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
"product_ids": [
"60"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
"product_ids": [
"61"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
"product_ids": [
"62"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
"product_ids": [
"63"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
"product_ids": [
"64"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
"product_ids": [
"65"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
"product_ids": [
"66"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
"product_ids": [
"67"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
},
{
"category": "vendor_fix",
"details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
"product_ids": [
"79"
],
"url": "https://www.se.com/us/en/work/support/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"35"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"40"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"78"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"79"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"35",
"40",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"78",
"79"
]
}
],
"title": "CVE-2018-7852"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7853",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "CWE-248: Uncaught Exception vulnerability exists, which could cause denial of service when reading invalid \r\nphysical memory blocks in the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37"
],
"known_affected": [
"34"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"34"
]
}
],
"title": "CVE-2018-7853"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7854",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "CWE-248 Uncaught Exception vulnerability exists which could cause a denial of Service when sending invalid \r\ndebug parameters to the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42"
],
"known_affected": [
"34",
"39"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"34",
"39"
]
}
],
"title": "CVE-2018-7854"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7855",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "CWE-248 Uncaught Exception vulnerability exists, which could cause a Denial of Service when sending invalid \r\nbreakpoint parameters to the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42",
"49"
],
"known_affected": [
"36",
"41",
"46",
"48",
"68",
"78",
"81"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"36"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"41"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv2.90 of Modicon Momentum includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.2 HF003 (https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware). \u2022 On the Modicon Momentum CPU, update to firmware v2.90: https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"48"
],
"url": "https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"36"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"41"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with CVE-2018-7855, users should immediately apply the following steps: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\u2022 \u201cModicon MC80 Programmable Logic Controller (PLC) manual\u201d in the chapter \u201cAccess Control List (ACL)\u201d: https://www.se.com/ww/en/download/document/EIO0000002071/ \r\n\u2022 Setup a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/",
"product_ids": [
"46"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000002071/"
},
{
"category": "mitigation",
"details": "If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploitation: To mitigate the risks associated with Modbus weaknesses, users should immediately: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual, \u201cMomentum for EcoStruxure Control Expert - 171 CBU 78090, 171 CBU 98090, 171 CBU 98091 Processors\u201d manual in the chapter \u201cModbus Messaging and Access Control\u201d: https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124 \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Set up a VPN between the Modicon PLC controllers and the engineering workstation containing EcoStruxure Control Expert or Process Expert. Note: this functionality may be provided by an external IPSEC compatible firewall located close to the controller. ",
"product_ids": [
"48"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"68",
"78"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"68",
"78"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"81"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"81"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"36",
"41",
"46",
"48",
"68",
"78",
"81"
]
}
],
"title": "CVE-2018-7855"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7856",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "CWE-248: Uncaught Exception vulnerability exists which could cause a possible denial of Service when writing \r\ninvalid memory blocks to the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42",
"69",
"70",
"71",
"72",
"73",
"74",
"75",
"76",
"77",
"80"
],
"known_affected": [
"35",
"39",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"79"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"35"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
"product_ids": [
"59"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
"product_ids": [
"60"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
"product_ids": [
"61"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
"product_ids": [
"62"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
"product_ids": [
"63"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
"product_ids": [
"64"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
"product_ids": [
"65"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
"product_ids": [
"66"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
"product_ids": [
"67"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
},
{
"category": "vendor_fix",
"details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
"product_ids": [
"79"
],
"url": "https://www.se.com/us/en/work/support/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"35"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"79"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"35",
"39",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"79"
]
}
],
"title": "CVE-2018-7856"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Dong Yang"
],
"organization": "Dingxiang Dongjian Security Lab"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7857",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "CWE-248: Uncaught Exception vulnerability exists, which could cause a possible Denial of Service when \r\nwriting out of bounds variables to the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"45",
"49",
"33"
],
"known_affected": [
"38",
"43",
"44",
"47",
"68",
"78",
"81",
"82"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version v1.80 of Modicon MC80 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon MC80 controller, update to firmware V1.80 or above: https://www.se.com/ww/en/product-range/62396-modicon-mc80/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"44"
],
"url": "https://www.se.com/ww/en/product-range/62396-modicon-mc80/#software-and-firmware"
},
{
"category": "mitigation",
"details": "To mitigate the risks, users should immediately apply the following steps: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\u2022 \u201cModicon MC80 Programmable Logic Controller (PLC) manual\u201d in the chapter \u201cAccess Control List (ACL)\u201d: https://www.se.com/ww/en/download/document/EIO0000002071/ \r\n\u2022 Setup a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/",
"product_ids": [
"44"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000002071/"
},
{
"category": "vendor_fix",
"details": "Version sv2.90 of Modicon Momentum includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.2 HF003 (https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware). \u2022 On the Modicon Momentum CPU, update to firmware v2.90: https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"47"
],
"url": "https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware"
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus weaknesses, users should immediately: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual, \u201cMomentum for EcoStruxure Control Expert - 171 CBU 78090, 171 CBU 98090, 171 CBU 98091 Processors\u201d manual in the chapter \u201cModbus Messaging and Access Control\u201d: https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124 \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Set up a VPN between the Modicon PLC controllers and the engineering workstation containing EcoStruxure Control Expert or Process Expert. Note: this functionality may be provided by an external IPSEC compatible firewall located close to the controller. ",
"product_ids": [
"47"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124"
},
{
"category": "vendor_fix",
"details": "Version v15.1 of EcoStruxure\u2122 Control Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware ",
"product_ids": [
"82"
],
"url": "https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware"
},
{
"category": "mitigation",
"details": "Customers should immediately apply the following mitigations to reduce the risk of exploit: \r\n\u2022 Ensure to use simulator default panel option to make PLC simulator accessible only locally. \r\n\u2022 Modbus network connections are disabled by default on the PLC Simulator present in EcoStruxure\u2122 Control Expert, mitigating the risk associated to this vulnerability. \r\nNote: The PLC Simulator feature is part of the EcoStruxure Control Expert software, and it helps users to review and test their configurations files in a simulation environment. It is not intended to be used as a controller CPU in a production environment.",
"product_ids": [
"82"
]
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"38"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"43"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"68",
"78"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"68",
"78"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"81"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"81"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"38",
"43",
"44",
"47",
"68",
"78",
"81",
"82"
]
}
],
"title": "CVE-2018-7857"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2019-6806",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "CWE-200: Information Exposure vulnerability exists which could cause the disclosure of SNMP information\r\nwhen reading variables in the controller using Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"known_affected": [
"38",
"43",
"68",
"78",
"81"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"38"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"43"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"68",
"78"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"68",
"78"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"81"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"81"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"38",
"43",
"68",
"78",
"81"
]
}
],
"title": "CVE-2019-6806"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2019-6807",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "CWE-248: Uncaught Exception vulnerability exists which could cause a possible denial of service when writing \r\nsensitive application variables to the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42",
"45",
"49",
"69",
"70",
"71",
"72",
"73",
"74",
"75",
"76",
"77",
"80",
"33"
],
"known_affected": [
"34",
"39",
"44",
"47",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"79",
"82"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "vendor_fix",
"details": "Version v1.80 of Modicon MC80 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon MC80 controller, update to firmware V1.80 or above: https://www.se.com/ww/en/product-range/62396-modicon-mc80/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"44"
],
"url": "https://www.se.com/ww/en/product-range/62396-modicon-mc80/#software-and-firmware"
},
{
"category": "mitigation",
"details": "To mitigate the risks, users should immediately apply the following steps: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\u2022 \u201cModicon MC80 Programmable Logic Controller (PLC) manual\u201d in the chapter \u201cAccess Control List (ACL)\u201d: https://www.se.com/ww/en/download/document/EIO0000002071/ \r\n\u2022 Setup a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/",
"product_ids": [
"44"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000002071/"
},
{
"category": "vendor_fix",
"details": "Version sv2.90 of Modicon Momentum includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.2 HF003 (https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware). \u2022 On the Modicon Momentum CPU, update to firmware v2.90: https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"47"
],
"url": "https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware"
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus weaknesses, users should immediately: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual, \u201cMomentum for EcoStruxure Control Expert - 171 CBU 78090, 171 CBU 98090, 171 CBU 98091 Processors\u201d manual in the chapter \u201cModbus Messaging and Access Control\u201d: https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124 \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Set up a VPN between the Modicon PLC controllers and the engineering workstation containing EcoStruxure Control Expert or Process Expert. Note: this functionality may be provided by an external IPSEC compatible firewall located close to the controller. ",
"product_ids": [
"47"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
"product_ids": [
"59"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
"product_ids": [
"60"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
"product_ids": [
"61"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
"product_ids": [
"62"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
"product_ids": [
"63"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
"product_ids": [
"64"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
"product_ids": [
"65"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
"product_ids": [
"66"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
"product_ids": [
"67"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
},
{
"category": "vendor_fix",
"details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
"product_ids": [
"79"
],
"url": "https://www.se.com/us/en/work/support/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"79"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
},
{
"category": "vendor_fix",
"details": "Version v15.1 of EcoStruxure\u2122 Control Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware ",
"product_ids": [
"82"
],
"url": "https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware"
},
{
"category": "mitigation",
"details": "Customers should immediately apply the following mitigations to reduce the risk of exploit: \r\n\u2022 Ensure to use simulator default panel option to make PLC simulator accessible only locally. \r\n\u2022 Modbus network connections are disabled by default on the PLC Simulator present in EcoStruxure\u2122 Control Expert, mitigating the risk associated to this vulnerability. \r\nNote: The PLC Simulator feature is part of the EcoStruxure Control Expert software, and it helps users to review and test their configurations files in a simulation environment. It is not intended to be used as a controller CPU in a production environment.",
"product_ids": [
"82"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"34",
"39",
"44",
"47",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"79",
"82"
]
}
],
"title": "CVE-2019-6807"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2019-6828",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "CWE-248: Uncaught Exception vulnerability exists, which could cause a possible denial of service when \r\nreading specific coils and registers in the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42",
"69",
"70",
"71",
"72",
"73",
"74",
"75",
"76",
"77",
"80"
],
"known_affected": [
"34",
"39",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"79"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
"product_ids": [
"59"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
"product_ids": [
"60"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
"product_ids": [
"61"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
"product_ids": [
"62"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
"product_ids": [
"63"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
"product_ids": [
"64"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
"product_ids": [
"65"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
"product_ids": [
"66"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
"product_ids": [
"67"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
},
{
"category": "vendor_fix",
"details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
"product_ids": [
"79"
],
"url": "https://www.se.com/us/en/work/support/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"79"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"34",
"39",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"79"
]
}
],
"title": "CVE-2019-6828"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2019-6829",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "CWE-248: Uncaught Exception vulnerability exists which could cause a possible denial of service when writing \r\nto specific memory addresses in the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42"
],
"known_affected": [
"34",
"39"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"34",
"39"
]
}
],
"title": "CVE-2019-6829"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2019-6809",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "CWE-248: Uncaught Exception vulnerability exists, which could cause a possible denial of service when \r\nreading invalid data from the controller.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42",
"69",
"70",
"71",
"72",
"73",
"74",
"75",
"76",
"77",
"80"
],
"known_affected": [
"34",
"39",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"79"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
"product_ids": [
"59"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
"product_ids": [
"60"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
"product_ids": [
"61"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
"product_ids": [
"62"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
"product_ids": [
"63"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
"product_ids": [
"64"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
"product_ids": [
"65"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
"product_ids": [
"66"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
},
{
"category": "vendor_fix",
"details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
"product_ids": [
"67"
],
"url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
},
{
"category": "vendor_fix",
"details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
"product_ids": [
"79"
],
"url": "https://www.se.com/us/en/work/support/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "mitigation",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"79"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"34",
"39",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"79"
]
}
],
"title": "CVE-2019-6809"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2018-7844",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "CWE-200: Information Exposure vulnerability exists, which could cause the disclosure of SNMP information\r\nwhen reading memory blocks from the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"known_affected": [
"38",
"43",
"68",
"78",
"81"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"38"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"43"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"68",
"78"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"68",
"78"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"81"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"81"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"38",
"43",
"68",
"78",
"81"
]
}
],
"title": "CVE-2018-7844"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Gao Jian"
],
"organization": "nsfocus"
}
],
"cve": "CVE-2019-6830",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "description",
"text": "CWE-248: Uncaught Exception vulnerability exists, which could cause a possible denial of service when \r\nsending an appropriately timed HTTP request to the controller.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.2 | High | [CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37"
],
"known_affected": [
"35"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"35"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"35"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"35"
]
}
],
"title": "CVE-2019-6830"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Pavel Nesterov",
"Artem Zinenko"
],
"organization": "Kaspersky ICS CERT"
}
],
"cve": "CVE-2018-7848",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "CWE-200: Information Exposure vulnerability exists, which could cause the disclosure of SNMP information\r\nwhen reading files from the controller over Modbus.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 8.2 | High | [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42"
],
"known_affected": [
"34",
"39",
"68",
"78",
"81"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"68",
"78"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"68",
"78"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"81"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"81"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"34",
"39",
"68",
"78",
"81"
]
}
],
"title": "CVE-2018-7848"
},
{
"acknowledgments": [
{
"names": [
"Jared Rittle"
],
"organization": "Cisco Talos"
},
{
"names": [
"Pavel Nesterov",
"Artem Zinenko"
],
"organization": "Kaspersky ICS CERT"
}
],
"cve": "CVE-2018-7846",
"cwe": {
"id": "CWE-501",
"name": "Trust Boundary Violation"
},
"notes": [
{
"category": "description",
"text": "CWE-501: Trust Boundary Violation vulnerability on connection to the controller exists which could cause \r\nunauthorized access by conducting a brute force attack on Modbus protocol to the controller.",
"title": "CVE Description"
},
{
"category": "details",
"text": "CVSS v4.0 Base Score 6.9 | Medium | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)",
"title": "CVSS v4.0 Score"
}
],
"product_status": {
"fixed": [
"37",
"42"
],
"known_affected": [
"34",
"39",
"68",
"78",
"81"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
},
{
"category": "vendor_fix",
"details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
"product_ids": [
"34"
],
"url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
},
{
"category": "mitigation",
"details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
"product_ids": [
"39"
],
"url": "https://www.se.com/ww/en/download/document/31007131K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"68",
"78"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
"product_ids": [
"68",
"78"
],
"url": "https://www.se.com/ww/en/download/document/33002467K01000/"
},
{
"category": "no_fix_planned",
"details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
"product_ids": [
"81"
]
},
{
"category": "mitigation",
"details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
"product_ids": [
"81"
],
"url": "https://www.se.com/ww/en/download/document/35006192K01000/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"34",
"39",
"68",
"78",
"81"
]
}
],
"title": "CVE-2018-7846"
}
]
}
VAR-201909-0046
Vulnerability from variot - Updated: 2023-12-18 11:59A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller. Modicon M580 Contains a vulnerability in handling exceptional conditions.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 is a programmable automation controller from Schneider Electric of France.
A security vulnerability exists in Schneider Electric Modicon M580 using firmware versions prior to V2.80. An attacker could exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.8,
"vendor": "schneider electric",
"version": "2.80"
},
{
"model": "electric modicon m580",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "v2.80"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "d465b226-b230-48f4-a247-c1b453d4f2f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-38871"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009522"
},
{
"db": "NVD",
"id": "CVE-2019-6830"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.80",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6830"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-922"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6830",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6830",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-38871",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "d465b226-b230-48f4-a247-c1b453d4f2f5",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6830",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6830",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-38871",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-922",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "d465b226-b230-48f4-a247-c1b453d4f2f5",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6830",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d465b226-b230-48f4-a247-c1b453d4f2f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-38871"
},
{
"db": "VULMON",
"id": "CVE-2019-6830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009522"
},
{
"db": "NVD",
"id": "CVE-2019-6830"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-922"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller. Modicon M580 Contains a vulnerability in handling exceptional conditions.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 is a programmable automation controller from Schneider Electric of France. \n\nA security vulnerability exists in Schneider Electric Modicon M580 using firmware versions prior to V2.80. An attacker could exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009522"
},
{
"db": "CNVD",
"id": "CNVD-2019-38871"
},
{
"db": "IVD",
"id": "d465b226-b230-48f4-a247-c1b453d4f2f5"
},
{
"db": "VULMON",
"id": "CVE-2019-6830"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6830",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2019-38871",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-922",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009522",
"trust": 0.8
},
{
"db": "TALOS",
"id": "TALOS-2019-0808",
"trust": 0.6
},
{
"db": "IVD",
"id": "D465B226-B230-48F4-A247-C1B453D4F2F5",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-6830",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "d465b226-b230-48f4-a247-c1b453d4f2f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-38871"
},
{
"db": "VULMON",
"id": "CVE-2019-6830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009522"
},
{
"db": "NVD",
"id": "CVE-2019-6830"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-922"
}
]
},
"id": "VAR-201909-0046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d465b226-b230-48f4-a247-c1b453d4f2f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-38871"
}
],
"trust": 1.7935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "d465b226-b230-48f4-a247-c1b453d4f2f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-38871"
}
]
},
"last_update_date": "2023-12-18T11:59:36.461000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"title": "Patch for Schneider Electric Modicon M580 Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/188177"
},
{
"title": "Schneider Electric Modicon M580 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96607"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-6830 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38871"
},
{
"db": "VULMON",
"id": "CVE-2019-6830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009522"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-922"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009522"
},
{
"db": "NVD",
"id": "CVE-2019-6830"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6830"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6830"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0808"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/755.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-6830"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38871"
},
{
"db": "VULMON",
"id": "CVE-2019-6830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009522"
},
{
"db": "NVD",
"id": "CVE-2019-6830"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-922"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d465b226-b230-48f4-a247-c1b453d4f2f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-38871"
},
{
"db": "VULMON",
"id": "CVE-2019-6830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009522"
},
{
"db": "NVD",
"id": "CVE-2019-6830"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-922"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-04T00:00:00",
"db": "IVD",
"id": "d465b226-b230-48f4-a247-c1b453d4f2f5"
},
{
"date": "2019-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-38871"
},
{
"date": "2019-09-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6830"
},
{
"date": "2019-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009522"
},
{
"date": "2019-09-17T20:15:12.267000",
"db": "NVD",
"id": "CVE-2019-6830"
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-922"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-38871"
},
{
"date": "2022-10-14T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6830"
},
{
"date": "2019-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009522"
},
{
"date": "2022-10-14T03:07:39.410000",
"db": "NVD",
"id": "CVE-2019-6830"
},
{
"date": "2019-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-922"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-922"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon M580 Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "d465b226-b230-48f4-a247-c1b453d4f2f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-38871"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "d465b226-b230-48f4-a247-c1b453d4f2f5"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-922"
}
],
"trust": 0.8
}
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…