Advisory

Multiple critical vulnerabilities reported in Schneider Electric Modicon controllers

Take action: If you are running Schneider Electric Modicon controllers, review the advisory in detail and compare it to your configuration. Naturally, the first action is to isolate the devices in a separate network and make them accessible only from trusted networks. Then make a plan for patching or additional mitigations. Just don't ignore this.


Learn More

Schneider Electric is reporting several security vulnerabilities affecting its Modicon series of programmable automation controllers (PACs), including the M340, Momentum, and MC80 models. These controllers are used in various industrial sectors including manufacturing, energy, and critical infrastructure for controlling and monitoring industrial operations.

Three major vulnerabilities have been identified, with varying degrees of severity:

  • CVE-2024-8937 (CVSS score 9.2) - Improper Restriction of Operations within Memory Buffer that could lead to potential arbitrary code execution. An attacker can execute a Man-in-the-Middle attack targeting the authentication process. Affected systems are all versions of M340 (pre-SV3.65), MC80, and Momentum Unity M1E.
  • CVE-2024-8938 (CVSS score 9.2) - Improper Restriction of Operations within Memory Buffer that could lead to potential arbitrary code execution. An attacker can execute a Man-in-the-Middle attack affecting memory size computation. Affected systems are all versions of M340 (pre-SV3.65), MC80, and Momentum Unity M1E.
  • CVE-2024-8936 (CVSS score 8.3) - Improper Input Validation that could lead to loss of controller memory confidentiality. An attacker can execute a Man-in-the-Middle attack combined with a crafted Modbus function call. Affected systems are Modicon M340 CPU versions prior to SV3.65.

Schneider Electric has provided specific remediation steps for different product lines:

For Modicon M340 CPU:

  • Upgrade to firmware version SV3.65, which includes fixes for all vulnerabilities
  • Available for download from Schneider Electric's website

For MC80 and Momentum Unity M1E:

  • Remediation plan is in development
  • Temporary mitigations recommended:
    • Implement network segmentation
    • Configure firewalls to block unauthorized access to port 502/TCP
    • Set up proper Access Control Lists
    • Consider using external firewall devices for VPN connections
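
To check that the 502/TCP restrictions and ACLs listed above are actually holding, flow records can be audited against the intended allowlist. The script below is an added example, not part of Schneider Electric's advisory; the ACL, IP addresses, log format and function names are all constructed assumptions.

```python
import ipaddress

MODBUS_PORT = 502  # Modbus/TCP port named in the advisory's mitigations

# Assumed ACL (constructed): sources allowed to reach each controller on 502/TCP.
ACL = {
    "10.20.0.11": ["10.10.5.0/28"],                  # hypothetical PLC, SCADA subnet only
    "10.20.0.12": ["10.10.5.0/28", "10.10.9.7/32"],  # plus one engineering workstation
}

# Constructed flow records in an assumed format: "timestamp src dst dst_port proto"
SAMPLE_FLOWS = """\
2024-11-14T08:00:01Z 10.10.5.3 10.20.0.11 502 tcp
2024-11-14T08:00:04Z 10.10.9.7 10.20.0.11 502 tcp
2024-11-14T08:00:09Z 192.168.40.25 10.20.0.12 502 tcp
2024-11-14T08:00:12Z 10.10.9.7 10.20.0.12 502 tcp
2024-11-14T08:00:15Z 10.10.5.3 10.20.0.11 443 tcp
2024-11-14T08:00:20Z 10.10.5.9 10.20.0.99 502 tcp
garbage line
"""

def parse_flow(line):
    """Return (ts, src, dst, port, proto) or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, proto = parts
    try:
        return (ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(port), proto.lower())
    except ValueError:
        return None

def audit_modbus_flows(text, acl):
    """Flag Modbus/TCP flows whose source is not allowed for the destination."""
    nets = {ipaddress.ip_address(plc): [ipaddress.ip_network(n) for n in srcs]
            for plc, srcs in acl.items()}
    findings, skipped = [], 0
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            skipped += 1          # count unparsable lines instead of hiding them
            continue
        ts, src, dst, port, proto = flow
        if port != MODBUS_PORT or proto != "tcp":
            continue
        allowed = nets.get(dst)
        if allowed is None:       # a Modbus endpoint the inventory does not know
            findings.append((ts, str(src), str(dst), "destination not in ACL inventory"))
        elif not any(src in net for net in allowed):
            findings.append((ts, str(src), str(dst), "source not permitted"))
    return findings, skipped
```

A non-empty findings list means either the firewall rule is missing or the ACL inventory is out of date; both are worth resolving before relying on segmentation as the interim mitigation.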