Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Security Assessment of Schneider Electric Products
Summary of Findings: During a security assessment of Schneider Electric’s EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers, several vulnerabilities were discovered. These vulnerabilities involve improper checks for unusual or exceptional conditions and could potentially lead to unauthorized access, execution of arbitrary code, or denial-of-service attacks.
Affected Products and Firmware Versions: The following products and their corresponding firmware versions are affected:
- EcoStruxure Control Expert: All versions before V15.3
- EcoStruxure Process Expert: Version V2020 and earlier
- Modicon M340 CPU (part numbers BMXP34*): All versions prior to SV3.51
- Modicon M580 CPU (part numbers BMEP* and BMEH*): All versions prior to SV4.10
- Modicon M580 CPU Safety (part numbers BMEP58S and BMEH58S): All versions
- Modicon Momentum Unity M1E Processor (part numbers 171CBU*): All versions prior to SV2.6
- Modicon MC80 (BMKC80): All versions
- Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*): All versions
Details of Vulnerability: The identified vulnerability, CWE-754 (Improper Check for Unusual or Exceptional Conditions), can result in arbitrary code execution, denial-of-service, and compromise of confidentiality and integrity. The vulnerability is tracked with CVE-2022-45788 and has a CVSS v3 base score of 7.5.
Mitigations and Fixes: Schneider Electric has released patches and remediations to address these vulnerabilities:
- EcoStruxure Process Expert: Upgrade to Version V2021, which is not affected.
- EcoStruxure Control Expert: Download Software V15.3, which includes a fix.
- Modicon M580 (part numbers BMEP* and BMEH*, excluding M580 CPU Safety): Update to Firmware SV4.10.
- Modicon Momentum Unity M1E Processor (part numbers 171CBU*): Apply Firmware VS2.6.
- Modicon M340 CPU (part numbers BMXP34*): Install Firmware SV3.51.
- Modicon MC80 CPU (part numbers BMKC80*): Update to Firmware SV1.90.
Implementation and Best Practices: Users are advised to apply the provided patches using appropriate patching methodologies. Schneider Electric recommends evaluating the impact of updates in a testing and development environment or on an offline infrastructure. For assistance in removing a patch if necessary, users can contact Schneider Electric.
Network Security Recommendations: To minimize the risk of exploitation, follow best practices for network hardening. Use firewalls to isolate control system networks and employ secure methods like virtual private networks (VPNs) for remote access.
CISA Recommendations: The Cybersecurity and Infrastructure Security Agency (CISA) suggests organizations perform impact analysis and risk assessment before deploying defensive measures. CISA also provides additional resources on its ICS webpage at cisa.gov/ics, including detailed cyber defense best practices.
Researcher Information: The vulnerabilities were reported by Jos Wetzels and Daniel dos Santos of Forescout Technologies.
In conclusion, Schneider Electric has taken prompt action to address the identified vulnerabilities. Users should apply the provided patches and adhere to cybersecurity best practices to protect their systems from potential attacks.