Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110

Posted on

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 6.9
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Schneider Electric
  • Equipment: Modicon M340, BMXNOE0100, and BMXNOE0110
  • Vulnerability: Files or Directories Accessible to External Parties

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow attackers to prevent firmware updates and disrupt the webserver’s proper behavior by removing specific files or directories from the filesystem.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Schneider Electric reports that the following products are affected:

  • Modicon M340: All versions
  • Modbus/TCP Ethernet Modicon M340 module: Versions prior to SV3.60
  • Modbus/TCP Ethernet Modicon M340 FactoryCast module: Versions prior to SV6.80

3.2 VULNERABILITY OVERVIEW

3.2.1 FILES OR DIRECTORIES ACCESSIBLE TO EXTERNAL PARTIES CWE-552

A Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem.

CVE-2024-5056 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).

A CVSS v4 score has also been calculated for CVE-2024-5056. A base score of 6.9 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Yanis Wang of DAS-Security reported this vulnerability to Schneider Electric. Schneider Electric reported this vulnerability to CISA.

4. MITIGATIONS

Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

Modbus/TCP Ethernet Modicon M340 module: Version SV3.60 of BMXNOE0100 includes a fix for this vulnerability and is available for download here.

Modbus/TCP Ethernet Modicon M340 FactoryCast module: Version SV6.80 of BMXNOE0110 includes a fix for this vulnerability and is available for download here.

Schneider Electric is establishing a remediation plan for all future versions of Modicon M340 that will include a fix for this vulnerability. They will provide an update when the remediation is available. Until then, users should immediately apply the following mitigations to reduce the risk of exploit:

  • Set up network segmentation and implement a firewall to block all unauthorized access to FTP port 21/TCP on the devices.
  • FTP service is disabled by default. Deactivate the FTP service after use when not needed.
  • Configure the Access Control List following the recommendations of the user manual “Modicon M340 for Ethernet Communications Modules and Processors User Manual” in chapter “Messaging Configuration Parameters”.

For more information see the associated Schneider Electric CPCERT security advisory SEVD-2024-163-01, SEVD-2024-163-01 CSAF Version.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • September 11, 2025: Initial Republication of Schneider Electric CPCERT SEVD-2024-163-01

Related Posts