Schneider Electric has a list of recommendations to handle improper check for unusual or exceptional conditions and improper access control vulnerabilities in its Modicon BMXNOR0200H, according to a CISA report.
Successful exploitation of these remotely exploitable vulnerabilities, discovered by the VAPT Team, C3i Center, IIT Kanpur, India, could allow remote code execution or cause a denial-of-service condition.
Schneider Electric reports these vulnerabilities affect the following products: BMXNOR0200H Ethernet/Serial RTU module, all firmware versions. The BMXNOR0200H Ethernet/Serial RTU module is part of the Modicon X80 I/O product category. Modicon X80 I/Os are a common platform of modules for Modicon M580 and M340 PLCs.
In one issue, an improper check for unusual or exceptional conditions vulnerability exists that could cause a denial-of-service condition when truncated SNMP packets on Port 161/UDP are received by the device.
CVE-2019-6813 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
In addition, an improper check for unusual or exceptional conditions vulnerability exists that could cause disconnection of active connections when an unusually high number of IEC 60870-5-104 packets are received by the module on Port 2404/TCP.
CVE-2019-6831 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
Also, an improper access control vulnerability exists that could allow the execution of commands by unauthorized users when using the IEC 60870-5-104 protocol.
CVE-2019-6810 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.
The product sees use mainly in the commercial facilities sector and is deployed on a global basis.
No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill level could leverage these vulnerabilities.
Schneider Electric recommends users set up network segmentation and implement a firewall to block all unauthorized access to Port 2404/TCP and SNMP Port 161/UDP.
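One way to check that the recommended blocking is actually in effect is to audit firewall flow records for traffic reaching the module on the two ports named above. The script below is an added example, not taken from the advisory or from Schneider Electric; the IP addresses (documentation ranges), the allowlists and the six-field log format are assumptions, and the log lines are constructed.

```python
import ipaddress

# Assumed addressing, not from the advisory.
RTU = ipaddress.ip_address("198.51.100.50")  # BMXNOR0200H module
GUARDED = {
    # (protocol, port) -> networks authorized to reach that service
    ("tcp", 2404): [ipaddress.ip_network("192.0.2.10/32")],  # IEC 60870-5-104 masters
    ("udp", 161): [ipaddress.ip_network("192.0.2.20/32")],   # SNMP managers
}

# Constructed flow records: "time src dst proto dport action"
SAMPLE_LOG = """\
2024-01-01T08:00:01Z 192.0.2.10 198.51.100.50 tcp 2404 allow
2024-01-01T08:00:05Z 192.0.2.20 198.51.100.50 udp 161 allow
2024-01-01T08:01:12Z 203.0.113.7 198.51.100.50 udp 161 allow
2024-01-01T08:01:30Z 203.0.113.7 198.51.100.50 tcp 2404 deny
2024-01-01T08:02:00Z 192.0.2.20 198.51.100.50 tcp 2404 allow
2024-01-01T08:02:10Z 203.0.113.7 198.51.100.50 tcp 502 allow
not a flow record
"""

def audit(log_text):
    """Return (policy_gaps, blocked_attempts) for the guarded RTU ports."""
    gaps, blocked = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines
        ts, src, dst, proto, dport, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparseable address or port
        allowed = GUARDED.get((proto.lower(), port))
        if dst_ip != RTU or allowed is None:
            continue  # not a guarded service on the module
        if any(src_ip in net for net in allowed):
            continue  # authorized source for this service
        record = (ts, src, proto.lower(), port)
        # An allowed flow from an unauthorized source means the rule set has a gap.
        (gaps if action.lower() == "allow" else blocked).append(record)
    return gaps, blocked

if __name__ == "__main__":
    gaps, blocked = audit(SAMPLE_LOG)
    for rec in gaps:
        print("POLICY GAP (unauthorized source was allowed):", rec)
    for rec in blocked:
        print("blocked attempt:", rec)
```

The allowlist is per service, so the SNMP manager reaching Port 2404/TCP is reported as a gap even though it is authorized for Port 161/UDP.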
For more information, see the Schneider Electric security notification.