Summary
New vulnerabilities have been detected in some Schneider Electric products, which can also be integrated into SCADA solutions. Six of the vulnerabilities are rated “high” severity.
Risk
Vulnerability Community Impact Estimate: High (65.12)
Type
- Remote Code Execution
- Denial of Service
- Security Restrictions Bypass
- Elevation of Privilege
- Information Disclosure
Affected Products and/or Versions
Schneider Electric
- Modicon M580 CPU
- Modicon M580 CPU Safety
- BMENOR2200H
- BMXNOE0100
- BMXNOE0110
- BMXNOR0200H
- EVLink Pro AC
- Pro-face GP-Pro EX
- Pro-face Remote HMI
- Web Designer
- Modicon M340 processors
- RemoteConnect and SCADAPack™ x70 Utilities
- PowerLogic HDPM6000
Mitigation Actions
In line with vendor statements, it is recommended to apply the available mitigations as described in the security bulletins listed in the References section.
The following are the CVEs related to the vulnerabilities with a severity of “high”:
References
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp
1 This estimate takes into account several parameters, including CVSS, the availability of patches/workarounds and PoCs, and the diffusion of the affected software/devices in the reference community.