Schneider Electric Releases Critical PLC Security Update

On the 17th of December 2015 the Schneider Electric Corporation released a critical security update to address a buffer overflow (defined) vulnerability within the following Modicon M340 PLC (Programmable Logic Controller) products:

  • BMXNOC0401
  • BMXNOE0100
  • BMXNOE0100H
  • BMXNOE0110
  • BMXNOE0110H
  • BMXNOR0200
  • BMXNOR0200H
  • BMXP342020
  • BMXP342020H
  • BMXP342030
  • BMXP3420302
  • BMXP3420302H and
  • BMXPRA0100

This issue was responsibly disclosed (defined) to Schneider by an independent security researcher named Nir Giller.

Why Should This Issue Be Considered Important?
This security vulnerability is of critical severity since an attacker would find it easy to exploit according to the information within the ICS-CERT security advisory. In addition, once exploited it can provide the attacker with the ability to carry out any instruction of their choice (in other words remote code execution) within the Schneider product. The only workaround is to block port 80 of the Schneider device using a firewall. However, given that port 80 is used for HTTP communication, this workaround will prove restrictive.

How Can I Protect Myself from This Issue?
Schneider have released an update for these products that addresses this issue. Please follow the directions within this ICS-CERT security advisory which also references the advisory from Schneider for this issue to install the necessary update.

The ICS-CERT advisory also provides further recommendations in an effort to prevent exploitation of this vulnerability.

If you are unsure about how to upgrade the firmware of the affected Schneider products that you are using, please contact Schneider Technical Support for assistance.

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s