ICSA-25-114-01
PUBLISHED
CVSS 5.3 MEDIUM
Schneider Electric is aware of multiple vulnerabilities in its Modicon Controller products. The Modicon Programmable Automation controllers are used for complex networked communication, display and control applications. Failure to apply the mitigations or remediations provided below may risk execution of unsolicited commands on the PLC, which could result in a loss of availability of the controller.
February 2025 Update: Correction of vulnerabilities impacting Quantum Safety processor.
Risk Scores
CVSS v3.1
5.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | Modicon M580 | 3.10 |
| Schneider Electric | Modicon Premium | <3.60 |
| Schneider Electric | Modicon Quantum | <3.60 |
| Schneider Electric | Modicon M580 | <2.90 |
| Schneider Electric | PLC Simulator for EcoStruxure™ Control Expert | 15.1 |
| Schneider Electric | Modicon Quantum | all |
| Schneider Electric | Modicon Quantum | 3.60 |
| Schneider Electric | Modicon M580 | >2.80 |
| Schneider Electric | Modicon MC80 BMKC80* | <1.80 |
| Schneider Electric | Modicon Premium | <3.20 |
| Schneider Electric | Modicon MC80 BMKC80* | 1.80 |
| Schneider Electric | Modicon M340 | 3.20 |
| Schneider Electric | Modicon M580 | all |
| Schneider Electric | Modicon Premium | 3.60 |
| Schneider Electric | Modicon M580 | <2.80 |
| Schneider Electric | Modicon Momentum CPU (part numbers 171CBU*) | all versions |
| Schneider Electric | Modicon M340 | all |
| Schneider Electric | PLC Simulator for EcoStruxure™ Control Expert | <15.1 |
| Schneider Electric | Modicon M340 | <3.10 |
| Schneider Electric | Modicon Premium | all |
Timeline
- May 14, 2019 CVE Published
- Feb 11, 2025 CVE Updated
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2019-134-11.json advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2019-134-11_Modicon_Controllers_Security_Notification.pdf advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-114-01.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-01 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://download.schneider-electric.com/files?p_enDocType=User+guide&p_File_Name=HRB44124.08.pdf&p_Doc_Ref=HRB44124 fix
- https://www.se.com/ww/en/download/document/33002467K01000/ fix
- https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware fix
- https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware fix
- https://www.se.com/ww/en/download/document/EIO0000002071/ fix
- https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=HRB44124.08.pdf&p_Doc_Ref=HRB44124 fix
- https://www.se.com/ww/en/download/document/Momentum_FW_update/ fix