Schneider Electric Modicon M221 PLCs and SoMachine Basic Protection Mechanism Failure (CVE-2017-7575)

critical Tenable OT Security Plugin ID 500282

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Schneider Electric recommends that users store project files in secure, access-restricted locations and encrypt project files with reputable third party file encryption tools.

On June 14, 2017, Schneider Electric released firmware v1.5.1.0 and associated SoMachineBasic V1.5SP1. The new version uses an enhanced encryption mechanism and prevents M221 from returning the password. Users may download SoMachineBasic V1.5SP1 (including firmware v1.5.1.0) from the Schneider Electric web site at the following location:

http://www.schneider-electric.com/en/download/document/SOMBASAP15SP1SOFT/

or by using Schneider Electric Software Update tool.

Schneider Electric’s security notice SEVD-2017-097-01 is available at the following location:

http://www.schneider-electric.com/en/download/document/SEVD-2017-097-01/

Schneider Electric’s security notice SEVD-2017-097-02 is available at the following location:

http://www.schneider-electric.com/en/download/document/SEVD-2017-097-02/

See Also

https://os-s.net/advisories/OSS-2017-01.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-17-103-02a

http://www.securityfocus.com/bid/97523

http://www.nessus.org/u?b717cd8f

Plugin Details

Severity: Critical

ID: 500282

Version: 1.7

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2017-7575

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:schneider-electric:modicon_tm221ce16r_firmware:1.3.3.3

Required KB Items: Tenable.ot/Schneider

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/6/2017

Vulnerability Publication Date: 4/6/2017

Reference Information

CVE: CVE-2017-7575

CWE: 200

ICSA: 17-103-02