QID 590813

Date Published: 2022-07-18

QID 590813: Schneider Electric Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules Vulnerability (SEVD-2020-343-04)

Affected Products and Versions
Modicon M340 CPUs: BMXP34, all versions prior to V3.30
Modicon M340 Ethernet Communication modules: BMXNOE0100 (H), all versions prior to V3.3; BMXNOE0110 (H), all versions prior to V6.5; BMXNOC0401 (H), all versions prior to V2.10
Modicon Premium communication modules: TSXETY4103, prior to V6.2; TSXETY5103, prior to V6.4
Modicon Premium processors with integrated Ethernet COPRO: TSXP574634, versions prior to V6.1; TSXP575634, versions prior to V6.1; TSXP576634, versions prior to V6.1
Modicon Quantum processors with integrated Ethernet COPRO: 140CPU65xx0, prior to V6.1
Modicon Quantum communication modules: 140NOE771x1, prior to V7.1; 140NOC78x00, prior to V1.74; 140NOC77101, prior to V1.08
Modicon X80 BMXNOR0200H RTU module: BMXNOR200H, all versions prior to V1.70 IR 23

QID Detection Logic (Authenticated):
QID checks for the vulnerable version using passive scanning.

Successful exploitation of this vulnerability may allow an unauthenticated attacker to execute commands on the web server, which could result in loss of availability and integrity on the controller.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as High - 7.5 severity.
Solution

Customers are advised to refer to the CERT MITIGATIONS section of SEVD-2020-343-04 for affected packages and patching details.

Vendor References

Software Advisories
Advisory ID: SEVD-2020-343-04
Link: www.se.com/ww/en/download/document/SEVD-2020-343-04/