Schneider Fixes Modicon Vulnerability

Monday, December 21, 2015 @ 03:12 PM gHale

Schneider Electric produced a new firmware patch to mitigate a buffer overflow vulnerability in its Modicon M340 PLC product line, according to a report on ICS-CERT.

This vulnerability, discovered by independent researcher Nir Giller, is remotely exploitable.

The vulnerability affects the following Modicon M340 PLC products:
• BMXNOC0401
• BMXNOE0100
• BMXNOE0110
• BMXNOR0200
• BMXP342020
• BMXP342020H
• BMXP342030
• BMXP3420302
• BMXP3420302H
• BMXPRA0100

Successful exploitation of this vulnerability could cause the attacked device to crash; a buffer overflow condition may allow remote code execution.

Schneider Electric is a Europe-based company that maintains offices in 190 countries worldwide.

The affected products, Modicon M340, are PLC devices. According to Schneider Electric, Modicon PLCs see action across several sectors including defense industrial base; energy; government facilities; nuclear reactors, materials, and waste; transportation systems; and water and wastewater systems. Schneider Electric said these products see use primarily in the United States, China, Russia, and India.

The stack-based buffer overflow vulnerability may allow remote code execution.

CVE-2015-7937 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

No known public exploits specifically target this vulnerability. An attacker with a low skill level would be able to exploit this vulnerability.

Schneider Electric produced a new firmware patch to mitigate this vulnerability.

Schneider Electric recommends blocking Port 80 using a firewall as one workaround.

Schneider Electric has also published a new firmware publication schedule.

Firmware Release dates:
• BMXNOC0401 December 15
• BMXNOE0100 (H) December 15
• BMXNOE0110 (H) December 15
• BMXNOR0200 (H) January 16
• BMXP342020 January 16
• BMXP3420302 January 16
• BMXPRA0100 January 16

For more information on this vulnerability and detailed instructions, see SEVD-2015-344-01.