{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "We strongly recommend the following industry cybersecurity best practices.\n\n* Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.\n* Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.\n* Place all controllers in locked cabinets and never leave them in the \u201cProgram\u201d mode.\n* Never connect programming software to any network other than the network intended for that device.\n* Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.\n* Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.\n* Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.\n* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.\n\nFor more information refer to the Schneider Electric [Recommended Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) document.",
        "title": "General Security Recommendations"
      },
      {
        "category": "general",
        "text": "This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process.\n\nFor further information related to cybersecurity in Schneider Electric\u0027s products, visit the company\u0027s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp",
        "title": "For More Information"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS \u201cNOTIFICATION\u201d) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN \u201cAS-IS\u201d BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND.  SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION",
        "title": "LEGAL DISCLAIMER"
      },
      {
        "category": "general",
        "text": "Schneider\u0027s purpose is to create Impact by empowering all to make the most of our energy and resources, bridging progress and\r\nsustainability for all. We call this Life Is On.\n\nOur mission is to be the trusted partner in Sustainability and Efficiency.\n\nWe are a global industrial technology leader bringing world-leading expertise in electrification, automation and digitization to smart\r\nindustries, resilient infrastructure, future-proof data centers, intelligent buildings, and intuitive homes. Anchored by our deep\r\ndomain expertise, we provide integrated end-to-end lifecycle AI enabled Industrial IoT solutions with connected products, automation,\r\nsoftware and services, delivering digital twins to enable profitable growth for our customers.\n\nWe are a people company with an ecosystem of 150,000 colleagues and more than a million partners operating in over 100 countries\r\nto ensure proximity to our customers and stakeholders. We embrace diversity and inclusion in everything we do, guided by our\r\nmeaningful purpose of a sustainable future for all. \n\n www.se.com",
        "title": "About Schneider Electric"
      },
      {
        "category": "summary",
        "text": "Schneider Electric is aware of multiple vulnerabilities in its Modicon Controller products. \r\nThe [Modicon Programmable Automation controllers](https://www.se.com/ww/en/product-subcategory/3950-pac-programmable-automation-controllers/) are used for complex networked communication, display \r\nand control applications  \r\nFailure to apply the mitigations or remediations provided below may risk execution of unsolicited command on \r\nthe PLC which could result in a loss of availability of the controller.",
        "title": "Overview"
      },
      {
        "category": "other",
        "text": "The severity of vulnerabilities was calculated using the CVSS Base metrics for 4.0 ([CVSS v4.0](https://www.first.org/cvss/calculator/4.0)). CVSS v3.1 \nwill be still evaluated until the adoption of CVSS v4.0 by the industry. The severity was calculated without \nincorporating the Temporal and Environmental metrics. Schneider Electric recommends that customers score the CVSS Environmental metrics, which are specific to end-user organizations, and consider factors such as \nthe presence of mitigations in that environment. Environmental metrics may refine the relative severity posed by the vulnerabilities described in this document within a customer\u0027s environment."
      },
      {
        "category": "other",
        "text": "Customers should use appropriate patching methodologies when applying these patches to their systems. We strongly recommend the use of back-ups and evaluating the impact of these patches in a Test and Development environment or on an offline infrastructure. Contact Schneider Electric\u0027s [Customer Care Center](https://www.se.com/us/en/work/support/contacts.jsp) if you need assistance removing a patch. "
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "cpcert@se.com",
      "name": "Schneider Electric CPCERT",
      "namespace": "https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp"
    },
    "references": [
      {
        "category": "self",
        "summary": "Multiple Vulnerabilities in Modicon Controller Products - SEVD-2019-134-11 PDF Version",
        "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-134-11_Modicon_Controllers_Security_Notification.pdf"
      },
      {
        "category": "self",
        "summary": "Multiple Vulnerabilities in Modicon Controller Products - SEVD-2019-134-11 CSAF Version",
        "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2019-134-11.json"
      },
      {
        "category": "external",
        "summary": "Recommended Cybersecurity Best Practices",
        "url": "https://www.se.com/ww/en/download/document/7EN52-0390/"
      }
    ],
    "title": "Multiple Vulnerabilities in Modicon Controller Products",
    "tracking": {
      "current_release_date": "2026-04-14T07:00:00.000Z",
      "generator": {
        "date": "2026-04-13T20:08:52.646Z",
        "engine": {
          "name": "Schneider Electric CSAF Generator",
          "version": "1.2"
        }
      },
      "id": "SEVD-2019-134-11",
      "initial_release_date": "2019-05-14T16:48:40.000Z",
      "revision_history": [
        {
          "date": "2019-05-14T16:48:40.000Z",
          "number": "1.0.0",
          "summary": "Original Release"
        },
        {
          "date": "2019-07-09T16:48:40.000Z",
          "number": "1.1.0",
          "summary": "Updated to include links to M580 V2.90 Firmware and Control Expert Hot Fix v14.0"
        },
        {
          "date": "2019-07-12T16:48:40.000Z",
          "number": "1.2.0",
          "summary": "Updated mitigations for CVE-2019-6808"
        },
        {
          "date": "2019-07-24T16:48:40.000Z",
          "number": "1.3.0",
          "summary": "Updated links to M580 v2.90 Firmware"
        },
        {
          "date": "2019-08-13T16:48:40.000Z",
          "number": "2.0.0",
          "summary": "Updated: \r\n\u2022 CVE-2018-7846: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7849: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7848: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7842: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7847: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7850: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7854: added fix available for M340 v3.10 \r\n\u2022 CVE-2018-7852: modified to change M580 release which was erroneous (2.80 \r\ninstead of 2.90) \r\n\u2022 CVE-2018-7855: added fix available for M340 v3.10 \r\n\u2022 CVE-2019-6807: added fix available for M340 v3.10 \r\n\u2022 CVE-2019-6808: added fix available for M340 V3.10 \r\n\u2022 CVE-2018-7843: modified to change M340 release which was erroneous (3.01 \r\ninstead of 3.10) \r\n\u2022 CVE-2018-7856: added fix on M340 v3.10 (available earlier than expected) \r\n \r\nAdded 4 new CVEs: \r\n\u2022 CVE-2019-6830 \r\n\u2022 CVE-2019-6828 \r\n\u2022 CVE-2019-6829 \r\n\u2022 CVE-2019-6809"
        },
        {
          "date": "2019-12-10T16:48:40.000Z",
          "number": "3.0.0",
          "summary": "Updated: \r\n\u2022 CVE-2019-6806: Corrected remediation information for Modicon M340 \r\n\u2022 CVE-2018-7845: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2018-7843: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2019-6809: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2019-6807: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2018-7857: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2018-7856: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2018-7852: Fix for Premium \u0026 Quantum \r\n\u2022 CVE-2019-6828: Fix for Premium \u0026 Quantum \r\n\u2022 Update of download links for latest versions of M580 / M340 \u0026 Quantum, plus \r\ncustomer support information for Premium. "
        },
        {
          "date": "2020-05-12T16:48:40.000Z",
          "number": "4.0.0",
          "summary": "Updated fix version information for CVE-2018-7857"
        },
        {
          "date": "2020-08-11T16:48:40.000Z",
          "number": "4.1.0",
          "summary": "Updated fix version information for CVE-2018-7857: \r\n\u2022 Additional fixes available for M580 v3.10 \r\n\u2022 Quantum \u0026 Premium previous fix is not enough to correct the CVE and \r\nrequires the additional mitigations proposed"
        },
        {
          "date": "2020-10-12T16:48:40.000Z",
          "number": "5.0.0",
          "summary": "Additional required remediation steps added for M580 and M340 applicable to the \r\nfollowing CVEs:  \r\n\u2022 CVE-2018-7846 \r\n\u2022 CVE-2018-7849 \r\n\u2022 CVE-2018-7843 \r\n\u2022 CVE-2018-7848 \r\n\u2022 CVE-2018-7842 \r\n\u2022 CVE-2018-7847 \r\n\u2022 CVE-2018-7850 \r\n\u2022 CVE-2018-7845 \r\n\u2022 CVE-2018-7852 \r\n\u2022 CVE-2018-7853 \r\n\u2022 CVE-2018-7854 \r\n\u2022 CVE-2018-7855 \r\n\u2022 CVE-2018-7856 \r\n\u2022 CVE-2018-7857  \r\n\u2022 CVE-2019-6807 \r\n\u2022 CVE-2019-6808 \r\n\u2022 CVE-2019-6830 \r\n\u2022 CVE-2019-6828 \r\n\u2022 CVE-2019-6829  \r\n\u2022 CVE-2019-6809"
        },
        {
          "date": "2020-12-08T16:48:40.000Z",
          "number": "6.0.0",
          "summary": "A fix for additional attack scenario is available on M340 v3.30 for  \r\nCVE-2018-7857."
        },
        {
          "date": "2022-09-13T16:48:40.000Z",
          "number": "7.0.0",
          "summary": "Modicon MC80 and PLC Simulator for EcoStruxure\u2122 Control Expert were added as \r\nimpacted product of CVE-2018-7857 and CVE-2019-6807 and the remediation is provided."
        },
        {
          "date": "2023-01-10T16:48:40.000Z",
          "number": "8.0.0",
          "summary": "Modicon M340 and M580 latest firmware versions are affected by CVE-2018-7855 and \r\nadditional mitigations were added in the mitigation section."
        },
        {
          "date": "2023-03-14T16:48:40.000Z",
          "number": "9.0.0",
          "summary": "A remediation is available for Modicon Momentum Unity M1E Processor part numbers \r\n171CBU* for CVE-2018-7857 and CVE-2019-6807 "
        },
        {
          "date": "2024-02-13T16:48:40.000Z",
          "number": "10.0.0",
          "summary": "A remediation is available for Modicon M340 and M580 for CVE-2018-7855. Updated \r\nproducts affected version numbers."
        },
        {
          "date": "2024-07-09T16:48:40.000Z",
          "number": "11.0.0",
          "summary": "Modicon MC80 and Momentum M1E PLCs were added as impacted products of CVE\r\n2018-7855. Mitigations are available for Modicon MC80 and Momentum M1E PLCs for \r\nCVE-2018-7855."
        },
        {
          "date": "2025-02-11T16:48:40.000Z",
          "number": "12.0.0",
          "summary": "Correction of CVE list impacting Quantum Safety processor."
        },
        {
          "date": "2026-04-14T07:00:00.000Z",
          "number": "13.0.0",
          "summary": "Remediation is available for CVE-2018-7855 in Modicon Momentum controller (Page 9)"
        }
      ],
      "status": "final",
      "version": "13.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Modicon M580 Controller",
            "product": {
              "name": "Modicon M580 Controller",
              "product_id": "1"
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2.90",
                "product": {
                  "name": "Modicon M580 Firmware Versions prior to v2.90",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2.80",
                "product": {
                  "name": "Modicon M580 Firmware Versions prior to v2.80",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c4.20",
                "product": {
                  "name": "Modicon M580 Firmware Versions prior to v4.20",
                  "product_id": "4"
                }
              },
              {
                "category": "product_version",
                "name": "4.20",
                "product": {
                  "name": "Modicon M580 Firmware Version 4.20",
                  "product_id": "5"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Modicon M580 Firmware All Versions",
                  "product_id": "6"
                }
              }
            ],
            "category": "product_name",
            "name": "Modicon M580 Firmware"
          },
          {
            "category": "product_name",
            "name": "Modicon M340 Controller",
            "product": {
              "name": "Modicon M340 Controller",
              "product_id": "7"
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c3.10",
                "product": {
                  "name": "Modicon M340 Firmware Versions prior to v3.10",
                  "product_id": "8"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c3.01",
                "product": {
                  "name": "Modicon M340 Firmware Versions prior to v3.01",
                  "product_id": "9"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c3.60",
                "product": {
                  "name": "Modicon M340 Firmware Versions prior to v3.60",
                  "product_id": "10"
                }
              },
              {
                "category": "product_version",
                "name": "3.60",
                "product": {
                  "name": "Modicon M340 Firmware Version 3.60",
                  "product_id": "11"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Modicon M340 Firmware All Versions",
                  "product_id": "12"
                }
              }
            ],
            "category": "product_name",
            "name": "Modicon M340 Firmware"
          },
          {
            "category": "product_name",
            "name": "Modicon MC80 Controller",
            "product": {
              "name": "Modicon MC80 Controller",
              "product_id": "13"
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c1.80",
                "product": {
                  "name": "Modicon MC80 Firmware Versions prior to v1.80",
                  "product_id": "14"
                }
              },
              {
                "category": "product_version",
                "name": "1.80",
                "product": {
                  "name": "Modicon MC80 Firmware Version 1.80",
                  "product_id": "15"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Modicon MC80 Firmware All Versions",
                  "product_id": "16"
                }
              }
            ],
            "category": "product_name",
            "name": "Modicon MC80 Firmware"
          },
          {
            "category": "product_name",
            "name": "Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
            "product": {
              "name": "Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
              "product_id": "17"
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:generic/\u003cSV2.6",
                "product": {
                  "name": "Modicon Momentum Unity M1E Processor Firmware Versions prior to sv2.6",
                  "product_id": "18"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2.90",
                "product": {
                  "name": "Modicon Momentum Unity M1E Processor Firmware Versions prior to v2.90",
                  "product_id": "19"
                }
              },
              {
                "category": "product_version",
                "name": "2.90",
                "product": {
                  "name": "Modicon Momentum Unity M1E Processor Firmware Version 2.90",
                  "product_id": "20"
                }
              }
            ],
            "category": "product_name",
            "name": "Modicon Momentum Unity M1E Processor Firmware"
          },
          {
            "category": "product_name",
            "name": "Modicon Quantum Controller",
            "product": {
              "name": "Modicon Quantum Controller",
              "product_id": "21"
            }
          },
          {
            "category": "product_name",
            "name": "Modicon Quantum Controller",
            "product": {
              "name": "Modicon Quantum Controller",
              "product_id": "50",
              "product_identification_helper": {
                "model_numbers": [
                  "140CPU65150 [C]",
                  "140CPU65160 [C]"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "Modicon Quantum Controller",
            "product": {
              "name": "Modicon Quantum Controller",
              "product_id": "51",
              "product_identification_helper": {
                "model_numbers": [
                  "140CPU65260 [C]"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "Modicon Quantum Controller",
            "product": {
              "name": "Modicon Quantum Controller",
              "product_id": "52",
              "product_identification_helper": {
                "model_numbers": [
                  "140CPU67261 [C]"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "Modicon Quantum Controller",
            "product": {
              "name": "Modicon Quantum Controller",
              "product_id": "53",
              "product_identification_helper": {
                "model_numbers": [
                  "140CPU67060 [C]"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "Modicon Quantum Controller",
            "product": {
              "name": "Modicon Quantum Controller",
              "product_id": "54",
              "product_identification_helper": {
                "model_numbers": [
                  "140CPU67160 [C]"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "Modicon Quantum Controller",
            "product": {
              "name": "Modicon Quantum Controller",
              "product_id": "55",
              "product_identification_helper": {
                "model_numbers": [
                  "140CPU67261 [C]"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "Modicon Quantum Controller",
            "product": {
              "name": "Modicon Quantum Controller",
              "product_id": "56",
              "product_identification_helper": {
                "model_numbers": [
                  "140CPU67260 [C]"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "Modicon Quantum Controller",
            "product": {
              "name": "Modicon Quantum Controller",
              "product_id": "57",
              "product_identification_helper": {
                "model_numbers": [
                  "140CPU65860 [C]"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "Modicon Quantum Controller",
            "product": {
              "name": "Modicon Quantum Controller",
              "product_id": "58",
              "product_identification_helper": {
                "model_numbers": [
                  "140CPU67861 [C]"
                ]
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c3.60",
                "product": {
                  "name": "Modicon Quantum Firmware Versions prior to v3.60",
                  "product_id": "22"
                }
              },
              {
                "category": "product_version",
                "name": "3.60",
                "product": {
                  "name": "Modicon Quantum Firmware Version 3.60",
                  "product_id": "23"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Modicon Quantum Firmware All Versions",
                  "product_id": "24"
                }
              }
            ],
            "category": "product_name",
            "name": "Modicon Quantum Firmware"
          },
          {
            "category": "product_name",
            "name": "Modicon Quantum Safety Controller",
            "product": {
              "name": "Modicon Quantum Safety Controller",
              "product_id": "25"
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Modicon Quantum Safety Firmware All Versions",
                  "product_id": "26"
                }
              }
            ],
            "category": "product_name",
            "name": "Modicon Quantum Safety Firmware"
          },
          {
            "category": "product_name",
            "name": "Modicon Premium Controller",
            "product": {
              "name": "Modicon Premium Controller",
              "product_id": "27"
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c3.20",
                "product": {
                  "name": "Modicon Premium Firmware Versions prior to v3.20",
                  "product_id": "28"
                }
              },
              {
                "category": "product_version",
                "name": "3.20",
                "product": {
                  "name": "Modicon Premium Firmware Version 3.20",
                  "product_id": "29"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Modicon Premium Firmware All Versions",
                  "product_id": "30"
                }
              }
            ],
            "category": "product_name",
            "name": "Modicon Premium Firmware"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "PLC Simulator",
                "product": {
                  "name": "PLC Simulator",
                  "product_id": "31"
                }
              }
            ],
            "category": "product_name",
            "name": "PLC Simulator"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c15.1",
                "product": {
                  "name": "EcoStruxure Control Expert Versions prior to v15.1",
                  "product_id": "32"
                }
              },
              {
                "category": "product_version",
                "name": "15.1",
                "product": {
                  "name": "EcoStruxure Control Expert Version 15.1",
                  "product_id": "33"
                }
              }
            ],
            "category": "product_name",
            "name": "EcoStruxure Control Expert"
          }
        ],
        "category": "vendor",
        "name": "Schneider Electric"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon M580 Firmware Versions prior to v2.90 installed on Modicon M580 Controller",
          "product_id": "34"
        },
        "product_reference": "2",
        "relates_to_product_reference": "1"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon M580 Firmware Versions prior to v2.80 installed on Modicon M580 Controller",
          "product_id": "35"
        },
        "product_reference": "3",
        "relates_to_product_reference": "1"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon M580 Firmware Versions prior to v4.20 installed on Modicon M580 Controller (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)",
          "product_id": "36"
        },
        "product_reference": "4",
        "relates_to_product_reference": "1"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon M580 Firmware Version 4.20 installed on Modicon M580 Controller",
          "product_id": "37"
        },
        "product_reference": "5",
        "relates_to_product_reference": "1"
      },
      {
        "category": "installed_with",
        "full_product_name": {
          "name": "Modicon M580 Firmware All Versions installed with Modicon M580 Controller",
          "product_id": "38"
        },
        "product_reference": "6",
        "relates_to_product_reference": "1"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon M340 Firmware Versions prior to v3.10 installed on Modicon M340 Controller",
          "product_id": "39"
        },
        "product_reference": "8",
        "relates_to_product_reference": "7"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon M340 Firmware Versions prior to v3.01 installed on Modicon M340 Controller",
          "product_id": "40"
        },
        "product_reference": "9",
        "relates_to_product_reference": "7"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon M340 Firmware Versions prior to v3.60 installed on Modicon M340 Controller (part numbers BMXP34*)",
          "product_id": "41"
        },
        "product_reference": "10",
        "relates_to_product_reference": "7"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon M340 Firmware Version 3.60 installed on Modicon M340 Controller",
          "product_id": "42"
        },
        "product_reference": "11",
        "relates_to_product_reference": "7"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon M340 Firmware All Versions installed on Modicon M340 Controller",
          "product_id": "43"
        },
        "product_reference": "12",
        "relates_to_product_reference": "7"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon MC80 Firmware Versions prior to v1.80 installed on Modicon MC80 Controller (BMKC8020301)",
          "product_id": "44"
        },
        "product_reference": "14",
        "relates_to_product_reference": "13"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon MC80 Firmware Version 1.80 installed on Modicon MC80 Controller",
          "product_id": "45"
        },
        "product_reference": "15",
        "relates_to_product_reference": "13"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon MC80 Firmware All Versions installed on Modicon MC80 Controller",
          "product_id": "46"
        },
        "product_reference": "16",
        "relates_to_product_reference": "13"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Momentum Unity M1E Processor Firmware Versions prior to sv2.6 installed on Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
          "product_id": "47"
        },
        "product_reference": "18",
        "relates_to_product_reference": "17"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Momentum Unity M1E Processor Firmware Versions prior to v2.90 installed on Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
          "product_id": "48"
        },
        "product_reference": "19",
        "relates_to_product_reference": "17"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Momentum Unity M1E Processor Firmware Version 2.90 installed on Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Controller",
          "product_id": "49"
        },
        "product_reference": "20",
        "relates_to_product_reference": "17"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU65150 [C] \u0026 140CPU65160 [C]",
          "product_id": "59"
        },
        "product_reference": "22",
        "relates_to_product_reference": "50"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU65260 [C]",
          "product_id": "60"
        },
        "product_reference": "22",
        "relates_to_product_reference": "51"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67261 [C]",
          "product_id": "61"
        },
        "product_reference": "22",
        "relates_to_product_reference": "52"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67060 [C]",
          "product_id": "62"
        },
        "product_reference": "22",
        "relates_to_product_reference": "53"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67160 [C]",
          "product_id": "63"
        },
        "product_reference": "22",
        "relates_to_product_reference": "54"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67261 [C]",
          "product_id": "64"
        },
        "product_reference": "22",
        "relates_to_product_reference": "55"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67260 [C]",
          "product_id": "65"
        },
        "product_reference": "22",
        "relates_to_product_reference": "56"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU65860 [C]",
          "product_id": "66"
        },
        "product_reference": "22",
        "relates_to_product_reference": "57"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Versions prior to v3.60 installed on Modicon Quantum Controller 140CPU67861 [C]",
          "product_id": "67"
        },
        "product_reference": "22",
        "relates_to_product_reference": "58"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware All Versions installed on Modicon Quantum Controller",
          "product_id": "68"
        },
        "product_reference": "24",
        "relates_to_product_reference": "21"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU65150 [C] \u0026 140CPU65160 [C]",
          "product_id": "69"
        },
        "product_reference": "23",
        "relates_to_product_reference": "50"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU65260 [C]",
          "product_id": "70"
        },
        "product_reference": "23",
        "relates_to_product_reference": "51"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67261 [C]",
          "product_id": "71"
        },
        "product_reference": "23",
        "relates_to_product_reference": "52"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67060 [C]",
          "product_id": "72"
        },
        "product_reference": "23",
        "relates_to_product_reference": "53"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67160 [C]",
          "product_id": "73"
        },
        "product_reference": "23",
        "relates_to_product_reference": "54"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67261 [C]",
          "product_id": "74"
        },
        "product_reference": "23",
        "relates_to_product_reference": "55"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67260 [C]",
          "product_id": "75"
        },
        "product_reference": "23",
        "relates_to_product_reference": "56"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU65860 [C]",
          "product_id": "76"
        },
        "product_reference": "23",
        "relates_to_product_reference": "57"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Firmware Version 3.60 installed on Modicon Quantum Controller 140CPU67861 [C]",
          "product_id": "77"
        },
        "product_reference": "23",
        "relates_to_product_reference": "58"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Quantum Safety Firmware All Versions installed on Modicon Quantum Safety Controller",
          "product_id": "78"
        },
        "product_reference": "26",
        "relates_to_product_reference": "25"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Premium Firmware Versions prior to v3.20 installed on Modicon Premium Controller",
          "product_id": "79"
        },
        "product_reference": "28",
        "relates_to_product_reference": "27"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Premium Firmware Version 3.20 installed on Modicon Premium Controller",
          "product_id": "80"
        },
        "product_reference": "29",
        "relates_to_product_reference": "27"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Modicon Premium Firmware All Versions installed on Modicon Premium Controller",
          "product_id": "81"
        },
        "product_reference": "30",
        "relates_to_product_reference": "27"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "PLC Simulator default component of EcoStruxure Control Expert Versions prior to v15.1",
          "product_id": "82"
        },
        "product_reference": "31",
        "relates_to_product_reference": "32"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2019-6808",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-284: Improper Access Control vulnerability exists, which could cause a remote code execution by \r\noverwriting configuration settings of the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 10.0 | Critical | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42"
        ],
        "known_affected": [
          "34",
          "39",
          "68",
          "78",
          "81"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "68",
            "78"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "68",
            "78"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "81"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "81"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "34",
            "39",
            "68",
            "78",
            "81"
          ]
        }
      ],
      "title": "CVE-2019-6808"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Pavel Nesterov",
            "Artem Zinenko"
          ],
          "organization": "Kaspersky ICS CERT"
        }
      ],
      "cve": "CVE-2018-7847",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-284: Improper Access Control vulnerability exists which could cause denial of service or potential code \r\nexecution by overwriting configuration settings of the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 9.3 | Critical | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42"
        ],
        "known_affected": [
          "34",
          "39",
          "68",
          "78",
          "81"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "68",
            "78"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "68",
            "78"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "81"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "81"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "34",
            "39",
            "68",
            "78",
            "81"
          ]
        }
      ],
      "title": "CVE-2018-7847"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2018-7850",
      "cwe": {
        "id": "CWE-807",
        "name": "Reliance on Untrusted Inputs in a Security Decision"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists which could cause invalid \r\ninformation displayed in Unity Pro software.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42"
        ],
        "known_affected": [
          "34",
          "39",
          "68",
          "78",
          "81"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "68",
            "78"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "68",
            "78"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "81"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "81"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "34",
            "39",
            "68",
            "78",
            "81"
          ]
        }
      ],
      "title": "CVE-2018-7850"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Pavel Nesterov",
            "Artem Zinenko"
          ],
          "organization": "Kaspersky ICS CERT"
        }
      ],
      "cve": "CVE-2018-7849",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-248: Uncaught Exception vulnerability exists which could cause a possible Denial of Service due to \r\nimproper data integrity check when sending files to the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42"
        ],
        "known_affected": [
          "34",
          "39",
          "68",
          "78",
          "81"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "68",
            "78"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "68",
            "78"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "81"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "81"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "34",
            "39",
            "68",
            "78",
            "81"
          ]
        }
      ],
      "title": "CVE-2018-7849"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Pavel Nesterov",
            "Artem Zinenko"
          ],
          "organization": "Kaspersky ICS CERT"
        }
      ],
      "cve": "CVE-2018-7842",
      "cwe": {
        "id": "CWE-290",
        "name": "Authentication Bypass by Spoofing"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-290: Authentication Bypass by Spoofing vulnerability exists which could cause an elevation of privilege \r\nby conducting a brute force attack on Modbus parameters sent to the controller.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42"
        ],
        "known_affected": [
          "34",
          "39",
          "68",
          "78",
          "81"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "68",
            "78"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "68",
            "78"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "81"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "81"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "34",
            "39",
            "68",
            "78",
            "81"
          ]
        }
      ],
      "title": "CVE-2018-7842"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2018-7843",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-248: Uncaught Exception vulnerability exists which could cause denial of service when reading memory \r\nblocks with an invalid data size or with an invalid data offset in the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42",
          "69",
          "70",
          "71",
          "72",
          "73",
          "74",
          "75",
          "76",
          "77",
          "80"
        ],
        "known_affected": [
          "35",
          "39",
          "59",
          "60",
          "61",
          "62",
          "63",
          "64",
          "65",
          "66",
          "67",
          "79"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "35"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
          "product_ids": [
            "59"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
          "product_ids": [
            "60"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
          "product_ids": [
            "61"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
          "product_ids": [
            "62"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
          "product_ids": [
            "63"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
          "product_ids": [
            "64"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
          "product_ids": [
            "65"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
          "product_ids": [
            "66"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
          "product_ids": [
            "67"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
          "product_ids": [
            "79"
          ],
          "url": "https://www.se.com/us/en/work/support/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "35"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "59",
            "60",
            "61",
            "62",
            "63",
            "64",
            "65",
            "66",
            "67"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "79"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "35",
            "39",
            "59",
            "60",
            "61",
            "62",
            "63",
            "64",
            "65",
            "66",
            "67",
            "79"
          ]
        }
      ],
      "title": "CVE-2018-7843"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2018-7845",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-125: Out-of-bounds Read vulnerability exists, which could cause the disclosure of unexpected data from \r\nthe controller when reading specific memory blocks in the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42",
          "69",
          "70",
          "71",
          "72",
          "73",
          "74",
          "75",
          "76",
          "77",
          "80"
        ],
        "known_affected": [
          "35",
          "40",
          "59",
          "60",
          "61",
          "62",
          "63",
          "64",
          "65",
          "66",
          "67",
          "79"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "35"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "40"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
          "product_ids": [
            "59"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
          "product_ids": [
            "60"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
          "product_ids": [
            "61"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
          "product_ids": [
            "62"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
          "product_ids": [
            "63"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
          "product_ids": [
            "64"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
          "product_ids": [
            "65"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
          "product_ids": [
            "66"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
          "product_ids": [
            "67"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
          "product_ids": [
            "79"
          ],
          "url": "https://www.se.com/us/en/work/support/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "35"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "40"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "59",
            "60",
            "61",
            "62",
            "63",
            "64",
            "65",
            "66",
            "67"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "79"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "35",
            "40",
            "59",
            "60",
            "61",
            "62",
            "63",
            "64",
            "65",
            "66",
            "67",
            "79"
          ]
        }
      ],
      "title": "CVE-2018-7845"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2018-7852",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-248: Uncaught Exception vulnerability exists which could cause denial of service when an invalid private \r\ncommand parameter is sent to the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42",
          "69",
          "70",
          "71",
          "72",
          "73",
          "74",
          "75",
          "76",
          "77",
          "80"
        ],
        "known_affected": [
          "35",
          "40",
          "59",
          "60",
          "61",
          "62",
          "63",
          "64",
          "65",
          "66",
          "67",
          "78",
          "79"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "35"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "40"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
          "product_ids": [
            "59"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
          "product_ids": [
            "60"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
          "product_ids": [
            "61"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
          "product_ids": [
            "62"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
          "product_ids": [
            "63"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
          "product_ids": [
            "64"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
          "product_ids": [
            "65"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
          "product_ids": [
            "66"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
          "product_ids": [
            "67"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
          "product_ids": [
            "79"
          ],
          "url": "https://www.se.com/us/en/work/support/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "35"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "40"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "59",
            "60",
            "61",
            "62",
            "63",
            "64",
            "65",
            "66",
            "67",
            "78"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "79"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "35",
            "40",
            "59",
            "60",
            "61",
            "62",
            "63",
            "64",
            "65",
            "66",
            "67",
            "78",
            "79"
          ]
        }
      ],
      "title": "CVE-2018-7852"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2018-7853",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-248: Uncaught Exception vulnerability exists, which could cause denial of service when reading invalid \r\nphysical memory blocks in the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37"
        ],
        "known_affected": [
          "34"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "34"
          ]
        }
      ],
      "title": "CVE-2018-7853"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2018-7854",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-248 Uncaught Exception vulnerability exists which could cause a denial of Service when sending invalid \r\ndebug parameters to the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42"
        ],
        "known_affected": [
          "34",
          "39"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "34",
            "39"
          ]
        }
      ],
      "title": "CVE-2018-7854"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2018-7855",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-248 Uncaught Exception vulnerability exists, which could cause a Denial of Service when sending invalid \r\nbreakpoint parameters to the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42",
          "49"
        ],
        "known_affected": [
          "36",
          "41",
          "46",
          "48",
          "68",
          "78",
          "81"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "36"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "41"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv2.90 of Modicon Momentum includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.2 HF003 (https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware). \u2022 On the Modicon Momentum CPU, update to firmware v2.90: https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "48"
          ],
          "url": "https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "36"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "41"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with CVE-2018-7855, users should immediately apply the following steps: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\u2022 \u201cModicon MC80 Programmable Logic Controller (PLC) manual\u201d in the chapter \u201cAccess Control List (ACL)\u201d: https://www.se.com/ww/en/download/document/EIO0000002071/ \r\n\u2022 Setup a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/",
          "product_ids": [
            "46"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000002071/"
        },
        {
          "category": "mitigation",
          "details": "If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploitation: To mitigate the risks associated with Modbus weaknesses, users should immediately: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual, \u201cMomentum for EcoStruxure Control Expert - 171 CBU 78090, 171 CBU 98090, 171 CBU 98091 Processors\u201d manual in the chapter \u201cModbus Messaging and Access Control\u201d: https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124 \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Set up a VPN between the Modicon PLC controllers and the engineering workstation containing EcoStruxure Control Expert or Process Expert. Note: this functionality may be provided by an external IPSEC compatible firewall located close to the controller. ",
          "product_ids": [
            "48"
          ],
          "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "68",
            "78"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "68",
            "78"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "81"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "81"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "36",
            "41",
            "46",
            "48",
            "68",
            "78",
            "81"
          ]
        }
      ],
      "title": "CVE-2018-7855"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2018-7856",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-248: Uncaught Exception vulnerability exists which could cause a possible denial of Service when writing \r\ninvalid memory blocks to the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42",
          "69",
          "70",
          "71",
          "72",
          "73",
          "74",
          "75",
          "76",
          "77",
          "80"
        ],
        "known_affected": [
          "35",
          "39",
          "59",
          "60",
          "61",
          "62",
          "63",
          "64",
          "65",
          "66",
          "67",
          "79"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "35"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
          "product_ids": [
            "59"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
          "product_ids": [
            "60"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
          "product_ids": [
            "61"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
          "product_ids": [
            "62"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
          "product_ids": [
            "63"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
          "product_ids": [
            "64"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
          "product_ids": [
            "65"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
          "product_ids": [
            "66"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
          "product_ids": [
            "67"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
          "product_ids": [
            "79"
          ],
          "url": "https://www.se.com/us/en/work/support/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "35"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "59",
            "60",
            "61",
            "62",
            "63",
            "64",
            "65",
            "66",
            "67"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "79"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "35",
            "39",
            "59",
            "60",
            "61",
            "62",
            "63",
            "64",
            "65",
            "66",
            "67",
            "79"
          ]
        }
      ],
      "title": "CVE-2018-7856"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Dong Yang"
          ],
          "organization": "Dingxiang Dongjian Security Lab"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2018-7857",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-248: Uncaught Exception vulnerability exists, which could cause a possible Denial of Service when \r\nwriting out of bounds variables to the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "45",
          "49",
          "33"
        ],
        "known_affected": [
          "38",
          "43",
          "44",
          "47",
          "68",
          "78",
          "81",
          "82"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version v1.80 of Modicon MC80 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon MC80 controller, update to firmware V1.80 or above: https://www.se.com/ww/en/product-range/62396-modicon-mc80/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "44"
          ],
          "url": "https://www.se.com/ww/en/product-range/62396-modicon-mc80/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks, users should immediately apply the following steps: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\u2022 \u201cModicon MC80 Programmable Logic Controller (PLC) manual\u201d in the chapter \u201cAccess Control List (ACL)\u201d: https://www.se.com/ww/en/download/document/EIO0000002071/ \r\n\u2022 Setup a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/",
          "product_ids": [
            "44"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000002071/"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv2.90 of Modicon Momentum includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.2 HF003 (https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware). \u2022 On the Modicon Momentum CPU, update to firmware v2.90: https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "47"
          ],
          "url": "https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus weaknesses, users should immediately: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual, \u201cMomentum for EcoStruxure Control Expert - 171 CBU 78090, 171 CBU 98090, 171 CBU 98091 Processors\u201d manual in the chapter \u201cModbus Messaging and Access Control\u201d: https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124 \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Set up a VPN between the Modicon PLC controllers and the engineering workstation containing EcoStruxure Control Expert or Process Expert. Note: this functionality may be provided by an external IPSEC compatible firewall located close to the controller. ",
          "product_ids": [
            "47"
          ],
          "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124"
        },
        {
          "category": "vendor_fix",
          "details": "Version v15.1 of EcoStruxure\u2122 Control Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware ",
          "product_ids": [
            "82"
          ],
          "url": "https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "Customers should immediately apply the following mitigations to reduce the risk of exploit: \r\n\u2022 Ensure to use simulator default panel option to make PLC simulator accessible only locally. \r\n\u2022 Modbus network connections are disabled by default on the PLC Simulator present in EcoStruxure\u2122 Control Expert, mitigating the risk associated to this vulnerability. \r\nNote: The PLC Simulator feature is part of the EcoStruxure Control Expert software, and it helps users to review and test their configurations files in a simulation environment. It is not intended to be used as a controller CPU in a production environment.",
          "product_ids": [
            "82"
          ]
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "38"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "43"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "68",
            "78"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "68",
            "78"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "81"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "81"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "38",
            "43",
            "44",
            "47",
            "68",
            "78",
            "81",
            "82"
          ]
        }
      ],
      "title": "CVE-2018-7857"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2019-6806",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-200: Information Exposure vulnerability exists which could cause the disclosure of SNMP information\r\nwhen reading variables in the controller using Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "known_affected": [
          "38",
          "43",
          "68",
          "78",
          "81"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "38"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "43"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "68",
            "78"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "68",
            "78"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "81"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "81"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "38",
            "43",
            "68",
            "78",
            "81"
          ]
        }
      ],
      "title": "CVE-2019-6806"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2019-6807",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-248: Uncaught Exception vulnerability exists which could cause a possible denial of service when writing \r\nsensitive application variables to the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42",
          "45",
          "49",
          "69",
          "70",
          "71",
          "72",
          "73",
          "74",
          "75",
          "76",
          "77",
          "80",
          "33"
        ],
        "known_affected": [
          "34",
          "39",
          "44",
          "47",
          "59",
          "60",
          "61",
          "62",
          "63",
          "64",
          "65",
          "66",
          "67",
          "79",
          "82"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "vendor_fix",
          "details": "Version v1.80 of Modicon MC80 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon MC80 controller, update to firmware V1.80 or above: https://www.se.com/ww/en/product-range/62396-modicon-mc80/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "44"
          ],
          "url": "https://www.se.com/ww/en/product-range/62396-modicon-mc80/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks, users should immediately apply the following steps: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\u2022 \u201cModicon MC80 Programmable Logic Controller (PLC) manual\u201d in the chapter \u201cAccess Control List (ACL)\u201d: https://www.se.com/ww/en/download/document/EIO0000002071/ \r\n\u2022 Setup a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/",
          "product_ids": [
            "44"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000002071/"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv2.90 of Modicon Momentum includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.2 HF003 (https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware). \u2022 On the Modicon Momentum CPU, update to firmware v2.90: https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "47"
          ],
          "url": "https://www.se.com/ww/en/product-range/535-modicon-momentum/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus weaknesses, users should immediately: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual, \u201cMomentum for EcoStruxure Control Expert - 171 CBU 78090, 171 CBU 98090, 171 CBU 98091 Processors\u201d manual in the chapter \u201cModbus Messaging and Access Control\u201d: https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124 \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Set up a VPN between the Modicon PLC controllers and the engineering workstation containing EcoStruxure Control Expert or Process Expert. Note: this functionality may be provided by an external IPSEC compatible firewall located close to the controller. ",
          "product_ids": [
            "47"
          ],
          "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_Doc_Ref=HRB44124"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
          "product_ids": [
            "59"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
          "product_ids": [
            "60"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
          "product_ids": [
            "61"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
          "product_ids": [
            "62"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
          "product_ids": [
            "63"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
          "product_ids": [
            "64"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
          "product_ids": [
            "65"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
          "product_ids": [
            "66"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
          "product_ids": [
            "67"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
          "product_ids": [
            "79"
          ],
          "url": "https://www.se.com/us/en/work/support/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "59",
            "60",
            "61",
            "62",
            "63",
            "64",
            "65",
            "66",
            "67"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "79"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        },
        {
          "category": "vendor_fix",
          "details": "Version v15.1 of EcoStruxure\u2122 Control Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware ",
          "product_ids": [
            "82"
          ],
          "url": "https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "Customers should immediately apply the following mitigations to reduce the risk of exploit: \r\n\u2022 Ensure to use simulator default panel option to make PLC simulator accessible only locally. \r\n\u2022 Modbus network connections are disabled by default on the PLC Simulator present in EcoStruxure\u2122 Control Expert, mitigating the risk associated to this vulnerability. \r\nNote: The PLC Simulator feature is part of the EcoStruxure Control Expert software, and it helps users to review and test their configurations files in a simulation environment. It is not intended to be used as a controller CPU in a production environment.",
          "product_ids": [
            "82"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "34",
            "39",
            "44",
            "47",
            "59",
            "60",
            "61",
            "62",
            "63",
            "64",
            "65",
            "66",
            "67",
            "79",
            "82"
          ]
        }
      ],
      "title": "CVE-2019-6807"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2019-6828",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-248: Uncaught Exception vulnerability exists, which could cause a possible denial of service when \r\nreading specific coils and registers in the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42",
          "69",
          "70",
          "71",
          "72",
          "73",
          "74",
          "75",
          "76",
          "77",
          "80"
        ],
        "known_affected": [
          "34",
          "39",
          "59",
          "60",
          "61",
          "62",
          "63",
          "64",
          "65",
          "66",
          "67",
          "79"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
          "product_ids": [
            "59"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
          "product_ids": [
            "60"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
          "product_ids": [
            "61"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
          "product_ids": [
            "62"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
          "product_ids": [
            "63"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
          "product_ids": [
            "64"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
          "product_ids": [
            "65"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
          "product_ids": [
            "66"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
          "product_ids": [
            "67"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
          "product_ids": [
            "79"
          ],
          "url": "https://www.se.com/us/en/work/support/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "59",
            "60",
            "61",
            "62",
            "63",
            "64",
            "65",
            "66",
            "67"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "79"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "34",
            "39",
            "59",
            "60",
            "61",
            "62",
            "63",
            "64",
            "65",
            "66",
            "67",
            "79"
          ]
        }
      ],
      "title": "CVE-2019-6828"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2019-6829",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-248: Uncaught Exception vulnerability exists which could cause a possible denial of service when writing \r\nto specific memory addresses in the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42"
        ],
        "known_affected": [
          "34",
          "39"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "34",
            "39"
          ]
        }
      ],
      "title": "CVE-2019-6829"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2019-6809",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-248: Uncaught Exception vulnerability exists, which could cause a possible denial of service when \r\nreading invalid data from the controller.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42",
          "69",
          "70",
          "71",
          "72",
          "73",
          "74",
          "75",
          "76",
          "77",
          "80"
        ],
        "known_affected": [
          "34",
          "39",
          "59",
          "60",
          "61",
          "62",
          "63",
          "64",
          "65",
          "66",
          "67",
          "79"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here: \r\n140CPU65150 [C] \u0026 140CPU65160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60",
          "product_ids": [
            "59"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60",
          "product_ids": [
            "60"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60",
          "product_ids": [
            "61"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67060 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60 ",
          "product_ids": [
            "62"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67160 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60 ",
          "product_ids": [
            "63"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67261 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60 ",
          "product_ids": [
            "64"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67260 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60 ",
          "product_ids": [
            "65"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU65860 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60 ",
          "product_ids": [
            "66"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Version v3.60 of Modicon Quantum includes a fix for this vulnerability and is available for download here:\r\n140CPU67861 [C] - https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60",
          "product_ids": [
            "67"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60"
        },
        {
          "category": "vendor_fix",
          "details": "Please contact your Schneider Electric customer support to get Premium V3.20 firmware. \r\nTSXP57104M [C] \r\nTSXP57154M [C] \r\nTSXP571634M [C] \r\nTSXP57204M [C] \r\nTSXP572634M [C] \r\nTSXP57254M [C] \r\nTSXP57304M [C] \r\nTSXP573634M [C] \r\nTSXP57354M [C] \r\nTSXP574634M [C] \r\nTSXP57454M [C] \r\nTSXP575634M [C] \r\nTSXP57554M [C] \r\nTSXP576634M [C] \r\nTSXH5724M [C] \r\nTSXH5744M [C]",
          "product_ids": [
            "79"
          ],
          "url": "https://www.se.com/us/en/work/support/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "59",
            "60",
            "61",
            "62",
            "63",
            "64",
            "65",
            "66",
            "67"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "79"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "34",
            "39",
            "59",
            "60",
            "61",
            "62",
            "63",
            "64",
            "65",
            "66",
            "67",
            "79"
          ]
        }
      ],
      "title": "CVE-2019-6809"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2018-7844",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-200: Information Exposure vulnerability exists, which could cause the disclosure of SNMP information\r\nwhen reading memory blocks from the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.7 | High | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "known_affected": [
          "38",
          "43",
          "68",
          "78",
          "81"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "38"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "43"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "68",
            "78"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "68",
            "78"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "81"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "81"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "38",
            "43",
            "68",
            "78",
            "81"
          ]
        }
      ],
      "title": "CVE-2018-7844"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Gao Jian"
          ],
          "organization": "nsfocus"
        }
      ],
      "cve": "CVE-2019-6830",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-248: Uncaught Exception vulnerability exists, which could cause a possible denial of service when \r\nsending an appropriately timed HTTP request to the controller.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.2 | High | [CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37"
        ],
        "known_affected": [
          "35"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "35"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "35"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "35"
          ]
        }
      ],
      "title": "CVE-2019-6830"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Pavel Nesterov",
            "Artem Zinenko"
          ],
          "organization": "Kaspersky ICS CERT"
        }
      ],
      "cve": "CVE-2018-7848",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-200: Information Exposure vulnerability exists, which could cause the disclosure of SNMP information\r\nwhen reading files from the controller over Modbus.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 8.2 | High | [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42"
        ],
        "known_affected": [
          "34",
          "39",
          "68",
          "78",
          "81"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "68",
            "78"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "68",
            "78"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "81"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "81"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "34",
            "39",
            "68",
            "78",
            "81"
          ]
        }
      ],
      "title": "CVE-2018-7848"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jared Rittle"
          ],
          "organization": "Cisco Talos"
        },
        {
          "names": [
            "Pavel Nesterov",
            "Artem Zinenko"
          ],
          "organization": "Kaspersky ICS CERT"
        }
      ],
      "cve": "CVE-2018-7846",
      "cwe": {
        "id": "CWE-501",
        "name": "Trust Boundary Violation"
      },
      "notes": [
        {
          "category": "description",
          "text": "CWE-501: Trust Boundary Violation vulnerability on connection to the controller exists which could cause \r\nunauthorized access by conducting a brute force attack on Modbus protocol to the controller.",
          "title": "CVE Description"
        },
        {
          "category": "details",
          "text": "CVSS v4.0 Base Score 6.9 | Medium | [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)",
          "title": "CVSS v4.0 Score"
        }
      ],
      "product_status": {
        "fixed": [
          "37",
          "42"
        ],
        "known_affected": [
          "34",
          "39",
          "68",
          "78",
          "81"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Version sv4.20 of Modicon M580 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware. \u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M580 controller, update to firmware SV4.20 or above: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects ",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware"
        },
        {
          "category": "vendor_fix",
          "details": "Version sv3.60 of Modicon M340 includes a fix for this vulnerability and is available for download here: STEP 1: Update software and firmware \u2022 On the engineering workstation, update to EcoStruxure\u2122 Control Expert v16.0 or later: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware \u2022 On the Modicon M340 controller, update to firmware v3.60 or above: https://www.se.com/ww/en/product-range/1468- modicon-m340/#software-and-firmware STEP 2: Update projects in EcoStruxure\u2122 Control Expert by: \u2022 Setting up an application password in the project properties \u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure\u2122 Control Expert: \u2022 Rebuild all current projects \u2022 Transfer them to Modicon controllers",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \u2022 Set up an application password in the project properties \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List following the recommendations of the user manuals: https://www.se.com/ww/en/download/document/EIO0000001578/ \u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ NOTE: Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/ \r\n\r\nOR\r\n\r\n\u2022 Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350 \r\n\r\nOR \r\n\r\n\u2022 Consider using external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 and M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \u2022 Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/ \r\n\r\nNOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.",
          "product_ids": [
            "34"
          ],
          "url": "https://www.se.com/ww/en/download/document/EIO0000001999/"
        },
        {
          "category": "mitigation",
          "details": "It is recommended to apply the following mitigations to reduce the risk of exploitation: \r\n\u2022 Set up an application password in the project properties \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n\to \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/ \r\n\u2022 Set up a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ ",
          "product_ids": [
            "39"
          ],
          "url": "https://www.se.com/ww/en/download/document/31007131K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "68",
            "78"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/",
          "product_ids": [
            "68",
            "78"
          ],
          "url": "https://www.se.com/ww/en/download/document/33002467K01000/"
        },
        {
          "category": "no_fix_planned",
          "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.",
          "product_ids": [
            "81"
          ]
        },
        {
          "category": "mitigation",
          "details": "To mitigate the risks associated with Modbus/ weaknesses, users should immediately: \r\n\u2022 Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/",
          "product_ids": [
            "81"
          ],
          "url": "https://www.se.com/ww/en/download/document/35006192K01000/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "34",
            "39",
            "68",
            "78",
            "81"
          ]
        }
      ],
      "title": "CVE-2018-7846"
    }
  ]
}