SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-489568967] Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200

Date: 2018-03-27
Type: PLC
Platform: Schneider Electric
Author: Nikita Maximov, Alexey Stennikov, and Kirill Chernyshov of Positive Technologies reported the vulnerabilities to Schneider Elect
EDB-ID: N/A
CVE-ID: CVE-2018-7240, CVE-2018-7241, CVE-2018-7242
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200
#


### VULNERABLE VENDOR
Schneider Electric


### VULNERABLE PRODUCT
Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 


### RESEARCHER
Nikita Maximov, Alexey Stennikov, and Kirill Chernyshov of Positive Technologies reported the vulnerabilities to Schneider Electric. Meng Leizi and Zhang Daoquan reported the vulnerabilities to NCCIC.


### AFFECTED PRODUCTS
The following versions of Modicon PLCs are affected:

Modicon Premium all versions,
Modicon Quantum all versions,
Modicon M340 all versions, and
Modicon X80 RTU (BMXNOR0200H) all versions


### IMPACT
Successful exploitation of these vulnerabilities could allow a remote unauthorized attacker access to the file transfer service on the device, which could result in arbitrary code execution or malicious firmware installation.


### VULNERABILITY OVERVIEW
STACK-BASED BUFFER OVERFLOW CWE-121
The FTP server does not limit the length of a command parameter which may cause a buffer overflow condition.
CVE-2018-7240 has been assigned to this vulnerability.
A CVSS v3 base score of 4.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H).


USE OF HARD-CODED CREDENTIALS CWE-798
The FTP servers contain a hard-coded account, which could allow unauthorized access.
CVE-2018-7241 has been assigned to this vulnerability.
A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).


USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327
The FTP server does not limit the length of a command parameter, which may cause a buffer overflow condition.
CVE-2018-7242 has been assigned to this vulnerability.
A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).





### BACKGROUND
Critical Infrastructure Sector: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: France




### MITIGATION

Schneider Electric recommends that users follow the instructions outlined in the Modicon Controllers Platform - Cyber Security, Reference Manual to install Modicon PLCs securely.

Schneider Electric also recommends that affected users disable FTP services on the device during times when maintenance or configuration activities are not needed.

For more information please see Schneider Electric’s security notification SEVD-2018-081-01 at:

https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/