Modicon Vulnerabilities Fixed

Tuesday, August 28, 2018 @ 05:08 PM gHale

Schneider Electric fixed information management errors, permissions, privileges, and access controls vulnerabilities in its Modicon M221, according to a report from NCCIC.

Successful exploitation of these vulnerabilities, discovered by Irfan Ahmed, Hyunguk Yoo, Sushma Kalle, and Nehal Ameen of the University of New Orleans, may allow unauthorized users to replay authentication sequences, overwrite passwords, or decode passwords.

Modicon M221, all references, all versions prior to firmware v1.6.2.0 suffer from the remotely exploitable vulnerabilities.

In one vulnerability, unauthorized users can replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker may upload the original program from the PLC. 

CVE-2018-7790 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.1.

In the permissions, privileges, and access controls vulnerability, unauthorized users can overwrite the original password. If an attacker exploits this vulnerability and overwrites the password, the attacker may upload the original program from the PLC. 

CVE-2018-7791 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.7.

The permissions, privileges, and access controls vulnerability also allows unauthorized users to decode the password using a rainbow table.

CVE-2018-7792 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.7.

The product sees use mainly in the commercial facilities sector and is deployed on a global basis.

No known public exploits specifically target these vulnerabilities. High skill level is needed to exploit.

A fix for these vulnerabilities is implemented in Modicon M221 Firmware v1.6.2.0, delivered within SoMachine Basic v1.6 SP2, which is available for download below, or by using the Schneider Electric Software Update tool.

As a temporary mitigation, Modicon M221 users should take the following measures:
• Set up a firewall blocking all remote/external access to Port 502.
• Within the Modicon M221 application, users must disable all unused protocols, especially programming protocol, as described in section “Configuring Ethernet Network” of SoMachine Basic online help. This will prevent remote programming of the M221 PLC.
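
One way to triage a fleet against this advisory, as an added example that is not from Schneider Electric or the original article: it compares each unit's firmware with v1.6.2.0 numerically and checks whether TCP port 502 answers from where the script runs. The inventory, host addresses, status labels and function names are constructed for illustration.

```python
import socket

FIXED = (1, 6, 2, 0)   # first fixed M221 firmware named in the advisory
MODBUS_PORT = 502      # port the advisory says to block from remote access

def parse_version(text):
    """'v1.6.2.0' -> (1, 6, 2, 0); shorter versions are zero-padded."""
    parts = [int(p) for p in text.strip().lstrip("vV").split(".")]
    if len(parts) > 4 or any(p < 0 for p in parts):
        raise ValueError(f"unexpected firmware version: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(firmware):
    # Tuple comparison is numeric, so 1.10.0.0 sorts after 1.6.2.0
    # (a plain string comparison would get that wrong).
    return parse_version(firmware) < FIXED

def port_reachable(host, port=MODBUS_PORT, timeout=2.0):
    """True if a TCP connection to host:port succeeds from this vantage point."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(inventory, probe=port_reachable):
    """inventory: iterable of (name, host, firmware). Returns [(name, status)]."""
    results = []
    for name, host, firmware in inventory:
        try:
            affected = is_affected(firmware)
        except ValueError:
            results.append((name, "check-manually"))
            continue
        exposed = probe(host)
        if affected:
            status = "update-and-block-502" if exposed else "update"
        else:
            status = "review-502-exposure" if exposed else "ok"
        results.append((name, status))
    return results

if __name__ == "__main__":
    # Constructed inventory; 192.0.2.0/24 is a documentation-only range.
    sample = [("line1-plc", "192.0.2.10", "v1.5.1.0"),
              ("line2-plc", "192.0.2.11", "1.6.2.0")]
    for name, status in triage(sample, probe=lambda host: False):
        print(f"{name}: {status}")
```

Run the probe from the network segment whose access the firewall is meant to block; a result taken from inside the control network says nothing about remote exposure.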

Schneider Electric’s security notice SEVD-2018-235-01 is available at the following location:


