Schneider Electric Multiple PLCs Improper Authentication

Nessus Network Monitor Plugin ID 720033 (severity: High)

Synopsis

Several Schneider Electric PLC modules allow arbitrary code execution via Modbus messages embedded in HTTP POST requests.

Description

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests.

Solution

Perform vendor-recommended mitigations and apply available vendor upgrades.

See Also

https://ics-cert.us-cert.gov/node/642

http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper

http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf

http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/

Plugin Details

Severity: High

ID: 720033

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 4/4/2013

Vulnerability Publication Date: 4/4/2013

Reference Information

CVE: CVE-2013-0664