Schneider Electric has released mitigations for a use-of-insufficiently-random-values vulnerability (CWE-330) in its Modicon M580, Modicon M340, Modicon Premium, and Modicon Quantum controllers, according to an advisory published with NCCIC.
Successful exploitation of this remotely exploitable vulnerability, discovered by David Formby and Raheem Beyah of Fortiphyd Logic and Georgia Tech, could allow an attacker to hijack TCP connections or cause information leakage.
The following versions of Modicon products suffer from the issue:
• Modicon M580 firmware versions prior to Version 2.30
• Modicon M340 firmware, all versions
• Modicon Premium, all firmware versions
• Modicon Quantum, all firmware versions
The affected devices generate predictable TCP initial sequence numbers (ISNs). An attacker who can observe a few connections, or simply guess the pattern, can forge segments that the controller accepts as part of an existing session and thereby hijack TCP connections carrying unauthenticated, unencrypted protocols such as Modbus/TCP.
CVE-2018-7838 has been assigned to this vulnerability, which has a CVSS v3 base score of 5.4.
The affected products are used in multiple sectors, chiefly manufacturing automation, and are deployed worldwide.
No known public exploits specifically target this vulnerability; however, it could be exploited by an attacker with a low skill level.
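To make the weakness concrete, the script below is an added example (not Schneider Electric's code, and not derived from the affected firmware). It takes ISNs observed in the SYN-ACKs of successive connections to one device and reports whether the next ISN can be guessed closely enough to land a forged segment inside the peer's receive window, which is the precondition for TCP hijacking. The three sample ISN sequences are constructed for illustration, and the receive-window size of 65535 is an assumption.

```python
"""Offline check for predictable TCP initial sequence numbers (ISNs).

Added example for this advisory; it is not Schneider Electric's code and
was not derived from the affected firmware. Input is a list of ISNs taken
from the SYN-ACKs of successive connections to one device. Every sample
value below is constructed for illustration.
"""
import math

MOD = 1 << 32           # TCP sequence numbers are 32-bit and wrap
DEFAULT_WINDOW = 65535  # assumed receive window; a forged segment whose
                        # sequence number falls inside it is accepted


def isn_deltas(isns):
    """Signed per-connection increments between consecutive ISNs.

    Differences are taken modulo 2^32 and mapped to [-2^31, 2^31) so that
    a small backward step shows up as e.g. -5 rather than 4294967291.
    """
    deltas = []
    for prev, cur in zip(isns, isns[1:]):
        d = (cur - prev) % MOD
        deltas.append(d - MOD if d >= MOD // 2 else d)
    return deltas


def in_window(seq, rcv_nxt, window=DEFAULT_WINDOW):
    """True if a segment numbered `seq` lands inside the receiver's
    window [rcv_nxt, rcv_nxt + window), honouring 32-bit wrap-around."""
    return (seq - rcv_nxt) % MOD < window


def assess_isns(isns, window=DEFAULT_WINDOW):
    """Judge whether the next ISN can be guessed from the samples.

    The attacker's best single guess is last + max(delta): it is never
    below the true next ISN and at most `spread` above it. If the spread
    of observed increments is smaller than the receiver's window, one
    forged segment is accepted every time.
    """
    if len(isns) < 3:
        raise ValueError("need at least three ISN samples")
    deltas = isn_deltas(isns)
    spread = max(deltas) - min(deltas)
    return {
        "deltas": deltas,
        "spread": spread,
        # bits an attacker would have to brute-force to hit the exact ISN
        "uncertainty_bits": round(math.log2(spread + 1), 1),
        "guess_next": (isns[-1] + max(deltas)) % MOD,
        "predictable": spread < window,
    }


# Constructed sample 1: a stack that adds a fixed 64000 per connection.
PLC_FIXED_STEP = [(0x1A2B3C4D + 64000 * i) % MOD for i in range(8)]

# Constructed sample 2: the same fixed step with a few units of jitter.
PLC_JITTERED = [0x5E000000]
for _step in (64000, 64012, 63990, 64003, 64000, 63997, 64015):
    PLC_JITTERED.append((PLC_JITTERED[-1] + _step) % MOD)

# Constructed sample 3: ISNs as a properly randomised stack would emit.
RANDOM_ISNS = [0x5A3F1C88, 0x0E92B7D1, 0xC4A10F3E, 0x7731EE09,
               0x21B0C5A7, 0xF0DE4412, 0x8C6A39BB, 0x3D1F80E6]

if __name__ == "__main__":
    for name, isns in (("fixed step", PLC_FIXED_STEP),
                       ("jittered", PLC_JITTERED),
                       ("random", RANDOM_ISNS)):
        r = assess_isns(isns)
        print(f"{name:11s} spread={r['spread']:>10d} "
              f"bits={r['uncertainty_bits']:5.1f} "
              f"predictable={r['predictable']}")
```

Real samples are collected by opening a series of connections to the controller's Modbus/TCP port (502) and recording the raw sequence number of each SYN-ACK (the tcp.seq_raw field in Wireshark); nmap's OS detection (-O) prints a "TCP Sequence Prediction" difficulty index built on the same idea. A spread of zero or a few units, as in the first two samples, is what "predictable ISNs" means in practice: the attacker's single guess lands in the window, so no brute force is needed.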
Schneider Electric reports the following mitigations:
• Modicon M580 firmware Version 2.80 is available for download; see the Schneider Electric advisory for details.
• Modicon M340: Currently, no fix is available.
– Schneider Electric recommends affected users set up network segmentation and implement a firewall to block all remote/external access to TCP ports.
– Configure the Access Control List following the recommendations of the user manual “Modicon M340 for Ethernet Communications Modules and Processors User Manual,” in the chapter titled “Messaging Configuration Parameters.”
• Modicon Premium and Modicon Quantum
– Set up network segmentation and implement a firewall to block all unauthorized access to all TCP ports.
In December, Schneider Electric reported that the Modicon Premium and Quantum controllers have reached the End of Commercialization stage of their life cycle; see the Schneider Electric advisory for details.