Schneider Electric Modicon X80 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-22749)

medium Tenable OT Security Plugin ID 500848

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Schneider Electric recommends users immediately apply the following mitigations to reduce the risk of exploitation until a remediation plan is available:

- Web access service is disabled by default. Because the web server is only necessary for specific maintenance and configuration activities, it is advised users disable the web (HTTP) service when it is not needed through the Ecostruxure Control Expert application.
- Set up network segmentation and implement a firewall to block all unauthorized access to HTTP Port 80/TCP on the controllers.
- When used in an architecture including a BMXNOC module, configure the Access Control Lists following the recommendation in the Modicon Controllers Platform Cyber Security Reference Manual.

Additional recommended best practice:

- Change the default password used to access the device web server. Update username and password for HTTP access rights with the “Security” link on the Setup page. See the Modicon X80 BMXNOR0200H RTU Module User Manual.

Please see Schneider Electric’s publication SEVD-2021-159-05 for more information.

See Also

http://www.nessus.org/u?52558129

https://www.cisa.gov/news-events/ics-advisories/icsa-21-159-05

Plugin Details

Severity: Medium

ID: 500848

Version: 1.6

Type: remote

Family: Tenable.ot

Published: 3/1/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2021-22749

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:schneider-electric:modicon_x80_bmxnor0200h_rtu_firmware:sv1.7:ir20, cpe:/o:schneider-electric:modicon_x80_bmxnor0200h_rtu_firmware:sv1.7:ir10, cpe:/o:schneider-electric:modicon_x80_bmxnor0200h_rtu_firmware:sv1.7:ir17, cpe:/o:schneider-electric:modicon_x80_bmxnor0200h_rtu_firmware:sv1.7:ir15b, cpe:/o:schneider-electric:modicon_x80_bmxnor0200h_rtu_firmware:sv1.6:ir4, cpe:/o:schneider-electric:modicon_x80_bmxnor0200h_rtu_firmware:sv1.7:ir18, cpe:/o:schneider-electric:modicon_x80_bmxnor0200h_rtu_firmware:sv1.7:ir19

Required KB Items: Tenable.ot/Schneider

Exploit Ease: No known exploits are available

Patch Publication Date: 6/11/2021

Vulnerability Publication Date: 6/11/2021

Reference Information

CVE: CVE-2021-22749

CWE: 200

ICSA: 21-159-05