Schneider Clears Old Modicon PLC Hole

Thursday, February 23, 2017 @ 04:02 PM gHale

Schneider Electric released new firmware to fix a resource exhaustion vulnerability in its Modicon M340 PLC, according to an ICS-CERT report.

Independent researcher Luis Francisco Martin Liras reported the issue.

Successful exploitation of this vulnerability may render the device unresponsive, requiring a physical reset of the PLC.

Schneider Electric reported the vulnerability affects the following Modicon PLC products with firmware versions prior to Version 2.9:
• BMXNOC0401
• BMXNOE0100
• BMXNOE0110
• BMXP341000
• BMXP342000
• BMXP3420102
• BMXP3420102CL
• BMXP342020
• BMXP342020H
• BMXP342030
• BMXP3420302
• BMXP3420302H
• BMXP342030H

A remote attacker could send a specially crafted set of packets to the PLC, causing it to freeze. To recover, the operator must physically press the reset button on the PLC.

CVE-2017-6017 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The product sees action in the defense industrial base; energy; government facilities; nuclear reactors, materials, and waste; transportation systems; and water and wastewater systems sectors.

The product sees action mainly in the United States, China, Russia and India.

No known public exploits specifically target this vulnerability. An attacker with a low skill level would be able to exploit it.

Schneider Electric has released a new firmware version, Version 2.9, to mitigate the identified vulnerability.

Schneider Electric recommends that users upgrade to the latest firmware version.
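
To find which installed modules still need the Version 2.9 firmware, an asset inventory can be checked against the affected list above. The following is an added example, not code from Schneider Electric or ICS-CERT; the CSV columns (`asset`, `model`, `firmware`) and the sample rows are constructed. Because the inventory's version format is an assumption, strings such as `2.80` or `2.10` that compare differently depending on how they are read are sent to manual review rather than guessed.

```python
import csv
import io
import re

# Affected part numbers and fixed firmware version, as listed in the article.
AFFECTED_MODELS = {
    "BMXNOC0401", "BMXNOE0100", "BMXNOE0110", "BMXP341000", "BMXP342000",
    "BMXP3420102", "BMXP3420102CL", "BMXP342020", "BMXP342020H",
    "BMXP342030", "BMXP3420302", "BMXP3420302H", "BMXP342030H",
}
FIXED = (2, 9)

# Constructed sample inventory; column names and assets are hypothetical.
SAMPLE_INVENTORY = """asset,model,firmware
PLC-01,BMXP342020,2.8
PLC-02,BMX P34 2030,V2.9
PLC-03,BMXNOE0100,2.80
PLC-04,BMXP3420302H,
IO-05,EXAMPLE-IO-1,1.0
"""


def below_fix(version_text):
    """True/False if clearly below/at-or-above 2.9, None if ambiguous or unparseable."""
    m = re.fullmatch(r"[vV]?\s*(\d+)\.(\d+)", version_text.strip())
    if not m:
        return None
    major, minor = int(m.group(1)), m.group(2)
    as_component = (major, int(minor)) < FIXED       # "2.10" read as two-point-ten
    as_decimal = float(f"{major}.{minor}") < 2.9      # "2.80" read as 2.8
    # Assumption: the inventory's version format is unknown, so disagreement
    # between the two readings goes to manual review instead of a guess.
    return as_component if as_component == as_decimal else None


def triage(inventory_csv):
    """Return (asset, normalized model, status) for each inventory row."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = re.sub(r"[\s\-]", "", row["model"]).upper()  # "BMX P34 2030" -> "BMXP342030"
        if model not in AFFECTED_MODELS:
            status = "not listed"
        else:
            status = {True: "upgrade", False: "ok", None: "review"}[below_fix(row["firmware"])]
        results.append((row["asset"], model, status))
    return results


if __name__ == "__main__":
    for asset, model, status in triage(SAMPLE_INVENTORY):
        print(f"{asset:8} {model:14} {status}")
```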
