Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Cisco Finds 11 Vulnerabilities in Schneider Electric Modicon Controllers

Researchers at Cisco Talos have discovered nearly a dozen vulnerabilities in some of Schneider Electric’s Modicon programmable logic controllers (PLCs).

Researchers at Cisco Talos have discovered nearly a dozen vulnerabilities in some of Schneider Electric’s Modicon programmable logic controllers (PLCs).

There are a total of 11 security holes affecting Modicon M580, M340, BMENOC 0311, BMENOC 0321, Quantum (no longer supported), Premium, and Modicon BMxCRA and 140CRA modules. The M580 PLC, which is the newest Modicon controller, is the only one affected by all the vulnerabilities, while the rest are impacted by 2-8 flaws.

The vulnerabilities are related to the Modbus, FTP and TFTP protocols, and the REST API. The more serious flaws — the ones affecting TFTP and the REST API — can be exploited by sending specially crafted requests to the targeted device. They have been assigned the CVE identifiers CVE-2019-6841 through CVE-2019-6851.Modicon M580 vulnerabilities

The three flaws related to the REST API are all classified as high severity, and they can be exploited for denial-of-service (DoS) attacks or they could lead to the disclosure of sensitive information.

The vulnerability related to the TFTP protocol is also high severity. Exploitation of the bug can result in the exposure of file and directory information, but the TFTP port is disabled by default on controllers, Schneider said.

As for the Modbus-related issue, it’s a medium-severity weakness involving the transmission of sensitive information in clear text when Modbus is used to transfer applications to the controller.

In the case of the FTP-related vulnerabilities, most of them can be exploited to cause devices to enter a DoS condition using a specially crafted firmware image.

Learn More About PLC Vulnerabilities at SecurityWeek’s 2019 ICS Cyber Security Conference

Talos reported the vulnerabilities to Schneider Electric in May and July. The company this week published four separate advisories for the weaknesses, each focusing on the affected component. In each case, it blamed the vulnerabilities on the impacted protocol.

Advertisement. Scroll to continue reading.

While it has not released any firmware updates to address the vulnerabilities, the company has provided a series of recommendations for preventing potential attacks. These include disabling the impacted services if not needed, blocking unauthorized access to specific ports at the firewall, and, in the case of the FTP-related bugs, changing default passwords.

Talos has published a blog post describing the FTP-related vulnerabilities, and released separate advisories for most of the flaws.

Related: Schneider Electric Working on Patch for Flaw in Triconex TriStation Emulator

Related: Schneider Electric Vehicle Charging Stations Exposed to Hacker Attacks

Related: Flaw in Schneider PLC Allows Significant Disruption to ICS

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.