Schneider Electric reports the vulnerability affects the following products. Resource exhaustion vulnerability on Schneider Electric. Modicon M340 update procedure update procedure Ethernet communication module. RemoteConnect software tool cuts PAC programming setup. However, 2 months after the public release, very few from the currently available Schneider Electric M340 PLCs are currently protected. For Modicon M340, Modicon Premium and Modicon Quantum, Schneider Electric recommends that affected users set up network segmentation and implement a firewall to block all unauthorized access to all TCP ports. This updated advisory is a follow-up to the original advisory titled ICSA-17-054-03 Schneider Electric Modicon M340 PLC that was published February 23, 2017, on the NCCIC/ICS-CERT website.
Modicon M340 firmware update procedure Schneider Electric. Schneider Electric Modicon M340 firmware security vulnerabilities, exploits, Metasploit modules, vulnerability statistics and list of versions. Schneider Electric Modicon M340 PLC station P34 module contains multiple vulnerabilities that could allow an attacker to execute arbitrary code or cause a denial of service condition on a targeted system. What are some best practices for managing Unity Modicon PAC firmware. If Ethernet is selected enter the address in the address selection box. Failure to use Schneider Electric software or approved software with our hardware products may result in injury, harm, or improper operating results.
Remotely exploitable/low skill level to exploit vendor. Comments and animation tables can be excluded from the data embedded in the PLC. You can filter results by CVSS scores, years and months. Unity Pro up is Schneider PLC software used under Windows operating system. For more information click on Schneider Electric advisory. Perform the firmware upgrade according to the Schneider Electric procedures. Improves robustness during big amount of project downloads. Schneider PLC and Unity Pro XL page 8 of 18 version.
One of the first PLC programs that we are going to develop is a memory dumper. Schneider Electric recommends that affected users set up network segmentation and implement a firewall to block all remote/external access to TCP ports. Please read this application note for more information. Whereas upgrading a Quantum firmware is buy this special cable, remove all the IO modules from your rack, and if it gets interrupted your CPU is bricked so maybe have a spare on. Schneider Unity Pro v is available the software packages. Users considering an upgrade of controller firmware must be familiar with all of the. According to this, you can request free trial from a local representative. The ATV IMC is compatible with Altivar 61 drive software version v2. Unity Pro XL download Schneider PLC software for multi. This document explains how to update Modicon M340 PLC firmware from. This page provides a sortable list of security vulnerabilities.
This document addresses the firmware compatibility, exceptions, and recommendations for Modicon modules. The Unity Loader software can download the project files and the firmware PLC or module onto a flash memory card bmxrmspp8mfp only plugged into the PLC CPU. Download documents for Modicon M340 mid range PLC for industrial process and infrastructure. In SiteManager firmware version 12035 in combination with LinkManager 12081, true USB support is introduced. The technical characteristics of the devices described in the present document also appear online. Schneider BMX XBP 0800 8-slot chassis Schneider BMX CPS2000 power supply Schneider BMX P34 M340 processor Schneider NOE 0110. What is the minimum software version for Altivar 61 drive that is compatible with the IMC controller card VW3A3521. Tutorial for upgrading firmware on the Modicon M340 CPU outlining steps to enable the FTP connection and how to use the Unity Loader tool. Applying a Stuxnet type attack to a Modicon PLC Airbus. Modicon M340 PLC systems Schneider EU Automation US. The latest version until now is Unity Pro v S, L, XL, XLS can be installed in operating systems such as Windows 7, Windows 10, Windows Server.
This updated advisory is a follow-up to the original advisory titled ICSA-20-016-01 Schneider Electric. Small S, large L, X large XL and X large safety XLS. Schneider Electric bundled a number of fixes in a new firmware version v2. To download the firmware into the PLC, select the communication media Ethernet or USB for Modicon M340 CPU in accordance with the selected physical link. Security vulnerabilities of Schneider Electric BMXP342020 firmware version list of CVE security vulnerabilities related to this exact version. While in the midst of transferring a program to a Schneider M340 PLC, Ethernet communication was lost and cannot be reestablished to the PLC. Upgrading firmware on Modicon M340 CPU Schneider Electric. A firmware (FW) transfer is only possible on a Modicon M340, M580, or Momentum hardware platform.
Modicon M340 all firmware versions Modicon BMXCRA and 140CRA modules all firmware versions in one issue, an exploitable information disclosure vulnerability exists in the FTP functionality of the Modicon M580 programmable automation controller, firmware version SV2. RemoteConnect software has an import/export command that enables a user to exchange relevant parts of logic programs with Schneider Electric Modicon M340 and M580 PACs. Schneider Electric Modicon M340 automation platform Steven. Schneider mitigations for Modicon controllers ISSSource. This will clear both the application code and data from the controller. Modicon M340 update procedure update procedure Ethernet communication module update procedure.
Find new and reconditioned Modicon M340 Schneider PLC systems at EU Automation US. To learn more, please visit the Schneider Electric FAQ. With the use of sophisticated technology, the factory became interested in the use of automatic control systems on production engines work. Schneider Electric M340 is a very user friendly PLC I have ever come across. Firmware and drivers FAQs Schneider Electric Sweden. Unity programming software Telemecanique Modicon M340. Commonly, this program's installer has the following filename. Schneider Electric Modicon M340 PLC Update A IoT security news. New launch in Gulf region and working fantastic in process industries. The characteristics that are presented in the present document should be the same as those characteristics that appear online.
Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium vulnerability. This program is an intellectual property of Schneider Electric. View and download Kodak M340 extended user manual online. All MDrive Hybrid motion control and Ethernet TCP/IP NEMA sizes connector variants. Download documents for Modicon M340 midrange PAC industrial process and infrastructure control. Benefits of upgrading to M340 M580 X80 IO minimum downtime and risk to upgrade do it during planned. Uncaught exception vulnerability exists Modicon M580 firmware version prior to v2.
Modicon M340 documents and downloads Schneider Electric. The one thing I will give Rockwell is everyone knows exactly what firmware they are running and has probably experienced managing and upgrading versions multiple times. For more information see Schneider Electric advisory sevd2019403. Unity Loader a SoCollaborative software user manual. Schneider Electric Modicon M340 devices are prone to a denial of service vulnerability. What is that Schneider PLC M340 industrial performance in the production of goods demanded faster to meet market demand. Upgrading firmware on Modicon M340 CPU Schneider Electric support duration. Schneider Electric Modicon M340 PLC station P34 module.
Schneider Electric recommends affected users set up network segmentation and implement a firewall to block all remote/external access to TCP ports. Change the firmware version of the controller in the Unity Pro project to the firmware version loaded. Warning unintended equipment operation before transferring firmware to a PLC or to a module with firmware make sure that you have selected the correct project and firmware files and entered the correct target address. After some crashes due to access on unmapped addresses we obtained this memory mapping. M340 PACs and Premium and Quantum PLCs check out our sister site PLCCompare to compare PLCs, PACs and programmable relays visit the M340, Premium and Quantum pages for detailed product information, brochures and pricing information. Quantum 140 NOC 771 01 Premium TSX ETC 101 M340 BMX NOC 0401 for Unity v5. The Schneider Electric public disclosure of this vulnerability was published a few days ago. Improper check for unusual or exceptional conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium see security notification for specific versions which could cause a denial of service of the controller when reading specific memory blocks using Modbus TCP. The new LinkManager version will, when connecting to the agent, create a USB controller on the PC that will. Improper check for unusual or exceptional conditions 2.