Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Cisco Finds 11 Vulnerabilities in Schneider Electric Modicon Controllers

Researchers at Cisco Talos have discovered nearly a dozen vulnerabilities in some of Schneider Electric’s Modicon programmable logic controllers (PLCs).

Researchers at Cisco Talos have discovered nearly a dozen vulnerabilities in some of Schneider Electric’s Modicon programmable logic controllers (PLCs).

There are a total of 11 security holes affecting Modicon M580, M340, BMENOC 0311, BMENOC 0321, Quantum (no longer supported), Premium, and Modicon BMxCRA and 140CRA modules. The M580 PLC, which is the newest Modicon controller, is the only one affected by all the vulnerabilities, while the rest are impacted by 2-8 flaws.

The vulnerabilities are related to the Modbus, FTP and TFTP protocols, and the REST API. The more serious flaws — the ones affecting TFTP and the REST API — can be exploited by sending specially crafted requests to the targeted device. They have been assigned the CVE identifiers CVE-2019-6841 through CVE-2019-6851.Modicon M580 vulnerabilities

The three flaws related to the REST API are all classified as high severity, and they can be exploited for denial-of-service (DoS) attacks or they could lead to the disclosure of sensitive information.

The vulnerability related to the TFTP protocol is also high severity. Exploitation of the bug can result in the exposure of file and directory information, but the TFTP port is disabled by default on controllers, Schneider said.

As for the Modbus-related issue, it’s a medium-severity weakness involving the transmission of sensitive information in clear text when Modbus is used to transfer applications to the controller.

In the case of the FTP-related vulnerabilities, most of them can be exploited to cause devices to enter a DoS condition using a specially crafted firmware image.

Advertisement. Scroll to continue reading.

Learn More About PLC Vulnerabilities at SecurityWeek’s 2019 ICS Cyber Security Conference

Talos reported the vulnerabilities to Schneider Electric in May and July. The company this week published four separate advisories for the weaknesses, each focusing on the affected component. In each case, it blamed the vulnerabilities on the impacted protocol.

While it has not released any firmware updates to address the vulnerabilities, the company has provided a series of recommendations for preventing potential attacks. These include disabling the impacted services if not needed, blocking unauthorized access to specific ports at the firewall, and, in the case of the FTP-related bugs, changing default passwords.

Talos has published a blog post describing the FTP-related vulnerabilities, and released separate advisories for most of the flaws.

Related: Schneider Electric Working on Patch for Flaw in Triconex TriStation Emulator

Related: Schneider Electric Vehicle Charging Stations Exposed to Hacker Attacks

Related: Flaw in Schneider PLC Allows Significant Disruption to ICS

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Sherrod DeGrippo has been appointed Head of Threat Intelligence for Palo Alto Networks Unit 42.

Christopher Porter has joined Booz Allen Hamilton as Global Chief Information Security Officer.

Yael Ben Arie has joined exposure validation company Pentera as Chief Product Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.