Multiple vulnerabilities in Schneider Electric firmware
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-7240 CVE-2018-7241 CVE-2018-7242 |
| CWE-ID | CWE-121 CWE-798 CWE-120 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Modicon X80 RTU Hardware solutions / Firmware Modicon M340 Hardware solutions / Firmware Modicon Quantum Hardware solutions / Firmware Modicon Premium Hardware solutions / Firmware |
| Vendor | Schneider Electric |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU11291
Risk: High
CVSSv3.1: 7.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]
CVE-ID: CVE-2018-7240
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to the FTP server does not limit the length of a command parameter. A remote attacker can supply specially crafted parameters, trigger stack-based buffer overflow and execute arbitrary code with elevated privileges.
NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
Modicon X80 RTU: All versions
Modicon M340: All versions
Modicon Quantum: All versions
Modicon Premium: All versions
External linkshttp://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960143...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of hard-coded credentials
EUVDB-ID: #VU11292
Risk: Low
CVSSv3.1: 4.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:W/RC:C]
CVE-ID: CVE-2018-7241
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to the FTP servers contain a hard-coded account. A remote attacker can bypass security restrictions and gain unauthorized access to the system.
NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
Modicon X80 RTU: All versions
Modicon M340: All versions
Modicon Quantum: All versions
Modicon Premium: All versions
External linkshttp://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960143...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU11295
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:W/RC:C]
CVE-ID: CVE-2018-7242
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to the FTP server does not limit the length of a command parameter. A remote attacker can supply specially crafted parameters, trigger buffer overflow and cause the service to crash.
NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
Modicon X80 RTU: All versions
Modicon M340: All versions
Modicon Quantum: All versions
Modicon Premium: All versions
External linkshttp://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=960143...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
