Summary: Schneider Electric has issued a security notification regarding critical vulnerabilities in its Modicon M340, Momentum, and MC80 controllers, which could allow unauthorized access and compromise industrial operations. Users are urged to apply firmware updates and implement security best practices to mitigate risks associated with these vulnerabilities.
Threat Actor: Unknown | unknown
Victim: Schneider Electric | Schneider Electric
Key Point :
- Three major vulnerabilities identified: CVE-2024-8936 (8.3), CVE-2024-8937, and CVE-2024-8938 (both 9.2).
- Vulnerabilities could lead to unauthorized access, memory tampering, and arbitrary code execution.
- Firmware version SV3.65 released for Modicon M340 to address vulnerabilities; remediation plans for MC80 and Momentum are in development.
- Users advised to implement immediate mitigations such as firewall protections and access control lists.
Schneider Electric has issued a security notification regarding critical vulnerabilities in its Modicon M340, Momentum, and MC80 controllers. These programmable automation controllers (PACs) are used widely in industrial settings to monitor and control operations. Schneider warns that “failure to apply the provided remediations/mitigations may risk unauthorized access to the controller,” potentially leading to a loss of confidentiality, integrity, and availability.
Three major vulnerabilities have been identified, affecting various versions of the controllers:
- CVE-2024-8936 (CVSS v4.0 score of 8.3): This vulnerability, related to improper input validation, could lead to unauthorized access and memory tampering during a Man-In-The-Middle attack via crafted Modbus function calls.
- CVE-2024-8937 and CVE-2024-8938 (CVSS v4.0 score of 9.2): Both vulnerabilities involve improper memory buffer restrictions, allowing attackers to execute arbitrary code by manipulating authentication processes or memory size computations.
Schneider Electric has released firmware version SV3.65 for the Modicon M340 to address these vulnerabilities. They advise users to apply the update and follow best practices, including network segmentation, firewall configurations, and memory protection settings. For the MC80 and Momentum models, remediation plans are in development, and users are encouraged to implement immediate mitigations such as firewall protections on port 502/TCP and access control lists.