Multiple vulnerabilities in Modicon Logic Controllers and related products



Risk High
Patch available NO
Number of vulnerabilities 3
CVE-ID CVE-2020-7488
CVE-2020-7487
CVE-2020-7489
CWE-ID CWE-319
CWE-345
CWE-74
Exploitation vector Network
Public exploit N/A
Vulnerable software
EcoStruxure Machine Expert
Server applications / SCADA systems

SoMachine
Server applications / SCADA systems

SoMachine Motion
Server applications / SCADA systems

Modicon M218
Hardware solutions / Firmware

Modicon M251
Hardware solutions / Firmware

Modicon M258
Hardware solutions / Firmware

Modicon M241
Hardware solutions / Firmware

Modicon M100
Hardware solutions / Firmware

Modicon M200
Hardware solutions / Firmware

Modicon M221
Hardware solutions / Firmware

Vendor Schneider Electric

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Cleartext transmission of sensitive information

EUVDB-ID: #VU27382

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-7488

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker on the local network with ability to intercept network traffic can gain access to sensitive data transmitted between the software and the Modicon controllers.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

EcoStruxure Machine Expert: All versions

SoMachine: All versions

SoMachine Motion: All versions

Modicon M218: All versions

Modicon M251: All versions

Modicon M258: All versions

Modicon M241: All versions

CPE2.3 External links

http://www.se.com/ww/en/download/document/SEVD-2020-105-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Insufficient verification of data authenticity

EUVDB-ID: #VU27383

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-7487

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient verification of data authenticity issue. A remote attacker on the local network can execute arbitrary code on the Modicon controllers. 

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

EcoStruxure Machine Expert: All versions

SoMachine: All versions

SoMachine Motion: All versions

Modicon M218: All versions

Modicon M241: All versions

Modicon M251: All versions

Modicon M258: All versions

CPE2.3 External links

http://www.se.com/ww/en/download/document/SEVD-2020-105-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Neutralization of Special Elements in Output Used by a Downstream Component

EUVDB-ID: #VU27384

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-7489

CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper validation of input. A remote attacker can execute arbitrary code on the controller.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SoMachine: All versions

EcoStruxure Machine Expert: All versions

Modicon M100: All versions

Modicon M200: All versions

Modicon M221: All versions

CPE2.3 External links

http://www.se.com/ww/en/download/document/SEVD-2020-105-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###