SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-249298711] Schneider Electric Modicon M340 PLC

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2017-02-23 | Other | Schneider Electric | Luis Francisco Martin Liras reported the issue to Schneider Electric. | N/A | CVE-2017-6017 | N/A | N/A | N/A |

Source

#
# Schneider Electric Modicon M340 PLC
#


### VULNERABLE VENDOR
Schneider Electric


### VULNERABLE PRODUCT
Modicon M340 PLC



### RESEARCHER
Luis Francisco Martin Liras reported the issue to Schneider Electric.



### AFFECTED PRODUCTS

Schneider Electric reports that the vulnerability affects the following Modicon PLC products with firmware versions prior to Version 2.9:

BMXNOC0401,
BMXNOE0100,
BMXNOE0110,
BMXNOE0110H,
BMXNOR0200H,
BMXP341000,
BMXP342000,
BMXP3420102,
BMXP3420102CL,
BMXP342020,
BMXP342020H,
BMXP342030,
BMXP3420302,
BMXP3420302H, and
BMXP342030H.



### IMPACT

Successful exploitation of this vulnerability may render the device unresponsive, requiring a physical reset of the PLC.



### VULNERABILITY OVERVIEW

RESOURCE EXHAUSTION CWE-400
A remote attacker could send a specially crafted set of packets to the PLC, causing it to freeze and requiring the operator to physically press the reset button on the PLC in order to recover.
CVE-2017-6017 has been assigned to this vulnerability.
A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).





### BACKGROUND

Critical Infrastructure Sector(s): Defense Industrial Base; Energy; Government Facilities; Nuclear Reactors, Materials, and Waste; Transportation Systems; Water and Wastewater Systems
Countries/Areas Deployed: United States, China, Russia, and India.
Company Headquarters Location: Paris, France




### MITIGATION

Schneider Electric has released a new firmware version, Version 2.9, to mitigate the identified vulnerability, which is available at the following location:

http://www.schneider-electric.com/en/download/document/BMXP342000_V29/


Schneider Electric recommends that users upgrade to the latest firmware version.
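
To find which units in an asset inventory still need the Version 2.9 firmware, the affected-product list above can be checked mechanically. The Python below is an added example, not part of the advisory or Schneider Electric's tooling. The CSV layout (`asset,model,firmware`), the function names and the sample rows are assumptions made for illustration.

```python
import csv
import io
from decimal import Decimal, InvalidOperation

# Part numbers copied from the AFFECTED PRODUCTS list in this advisory.
AFFECTED = frozenset("""
BMXNOC0401 BMXNOE0100 BMXNOE0110 BMXNOE0110H BMXNOR0200H BMXP341000
BMXP342000 BMXP3420102 BMXP3420102CL BMXP342020 BMXP342020H BMXP342030
BMXP3420302 BMXP3420302H BMXP342030H
""".split())
FIXED = "2.9"  # firmware version the advisory names as the fix


def at_least_fixed(firmware):
    """Compare with 2.9 as dotted integers and as a decimal number.

    The advisory does not say whether 2.10 is later than 2.9, so return
    None when the readings disagree or the string cannot be parsed.
    """
    text = firmware.strip().lstrip("vV")
    try:
        dotted = [int(p) for p in text.split(".")] >= [int(p) for p in FIXED.split(".")]
        decimal = Decimal(text) >= Decimal(FIXED)
    except (ValueError, InvalidOperation):
        return None
    return dotted if dotted == decimal else None


def triage(inventory_csv):
    """Map asset -> status for CSV rows with columns asset,model,firmware."""
    labels = {True: "fixed", False: "upgrade", None: "review"}
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip().upper() not in AFFECTED:
            result[row["asset"]] = "not-listed"
        else:
            result[row["asset"]] = labels[at_least_fixed(row["firmware"])]
    return result


# Constructed sample inventory; every asset, version and BMXP999999 is made up.
SAMPLE = """asset,model,firmware
plc-line1,BMXP342020,2.8
plc-line2,bmxp342020,V2.9
plc-line3,BMXNOE0100,2.10
plc-line4,BMXP3420302,3.01
plc-line5,BMXP999999,1.0
plc-line6,BMXNOC0401,unknown
"""
```

Units reported as `review` need their version string confirmed against the vendor's release numbering before they are treated as patched.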