Researchers have discovered more than a dozen vulnerabilities in the Schneider Electric Modicon PLC

Researchers from the Cisco Talos team discovered 11 vulnerabilities in a number of Schneider Electric Modicon Programmable Logic Controllers (PLCs).

Cisco Talos released vulnerability analysis recommendations to mitigate risks for users.

“There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, the majority of which can cause a denial of service. The Modicon M580 is the latest in Schneider Electric’s Modicon line of programmable automation controllers. The majority of the bugs we will discuss exist in the Modicon’s use of FTP”, — write Cisco Talos specialists.

Vulnerabilities affect Modicon M580, M340, BMENOC 0311, BMENOC 0321, Quantum (no longer supported), Premium and Modicon BMxCRA and 140CRA modules. The latest M580 controller contains a total of 11 problems, the rest – 2-8.

Read also: Attackers deployed a skimmer on the site of Magento extensions provider

Vulnerabilities are contained in the Modbus, FTP and TFTP protocols, as well as in the REST API. Problems (CVE-2019-6841 and CVE-2019-6851) affecting TFTP and REST API can be exploited by sending specially generated requests to the target device.

“Using a vulnerability in TFTP could lead to leaks of information about files and directories, however, according to Schneider Electric, the TFTP port is disabled by default on the controllers”, – write researchers at Cisco Talos.

Three vulnerabilities (CVE-2019-6848, CVE-2019-6849, CVE-2019-6850) contained in the REST API are regarded as dangerous and can be used to conduct DoS attacks or can lead to leakage of confidential information.

Vulnerability in Modbus (CVE-2019-6845) allows the transfer of confidential information in clear text when Modbus is used to move applications to the controller. Problems affecting FTP can cause a denial of service by using a specially crafted firmware image.


Researchers told the company about vulnerabilities in May and July this year. Although Schneider Electric did not release any patches for these vulnerabilities, it provided a number of recommendations to prevent potential attacks.

In particular, users are advised to disable the affected services as unnecessary, block unauthorized access to certain ports on the firewall, and change the default passwords.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several month after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master degree in cybersecurity, I've started working in as virus analyst in a little anti-malware vendor. In 2018, I've decided to start Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.

Leave a Reply

Your email address will not be published. Required fields are marked *


Back to top button