Important security notification – M340, Quantum and Premium Ethernet communication modules

Q: Important security notification – M340, Quantum and Premium Ethernet communication modules

Issue Schneider Electric ® has become aware of multiple vulnerabilities in the Ethernet modules for M340, Quantum, Premium PLC ranges, Momentum range and STB I/O. For M340 PLC ranges Product Line Modicon M340, Quantum, Premium Environment BMXP342020 Resolution Schneider Electric ® has become aware of multiple vulnerabilities in the Ethernet modules for M340, Quantum, Premium PLC ranges, Momentum range and STB I/O. For M340 PLC ranges The Ethernet modules crashes 50% of the time when using FileZilla as a FTP Client to transfer files to the modules. For modules supporting Factory Cast feature for M340, Quantum, Premium PLC ranges The FactoryCast service accessible to end users allows user to send Modbus messages embedded in HTTP POST requests using SOAP messages that can result in unintended consequences such as (1) stopping of PLCs, (2) Modifying IO data in PLC etc. For modules for M340, Quantum, Premium PLC ranges The Ethernet modules with Web Server feature allows user to transmit HTTP commands to modules when user clicks on maliciously formed hyperlinks. This Vulnerability is called Cross Site Forgery. See the attached Document Attachments (Removed File URL: 208522_4E82/208522V7.pdf)(Removed Image URL: /PubResEXPORT.nsf/2b87ee90be777fc085257c28006ee4ef/cdfe79ea28c02703c1257b6d00109507/fl_block_5/0.CC?OpenElement&FieldElemFormat=gif)208522V7.pdf 게시 대상: 슈나이더 일렉트릭 Korea

Question

Important security notification &#8211; M340, Quantum and Premium Ethernet communication modules

Accepted Answer

Issue

Schneider Electric^® has become aware of multiple vulnerabilities in the Ethernet modules for M340, Quantum, Premium PLC ranges, Momentum range and STB I/O.
For M340 PLC ranges

Product Line
Modicon M340, Quantum, Premium

Environment
BMXP342020

Resolution

Schneider Electric^® has become aware of multiple vulnerabilities in the Ethernet modules for M340, Quantum, Premium PLC ranges, Momentum range and STB I/O.
For M340 PLC ranges

The Ethernet modules crashes 50% of the time when using FileZilla as a FTP Client to transfer files to the modules.

For modules supporting Factory Cast feature for M340, Quantum, Premium PLC ranges
The FactoryCast service accessible to end users allows user to send Modbus messages embedded in HTTP POST requests using SOAP messages that can result in unintended consequences such as (1) stopping of PLCs, (2) Modifying IO data in PLC etc.

For modules for M340, Quantum, Premium PLC ranges
The Ethernet modules with Web Server feature allows user to transmit HTTP commands to modules when user clicks on maliciously formed hyperlinks. This Vulnerability is called Cross Site Forgery.

See the attached Document

Attachments

(Removed File URL: 208522_4E82/208522V7.pdf)(Removed Image URL: /PubResEXPORT.nsf/2b87ee90be777fc085257c28006ee4ef/cdfe79ea28c02703c1257b6d00109507/fl_block_5/0.CC?OpenElement&FieldElemFormat=gif)208522V7.pdf

Important security notification – M340, Quantum and Premium Ethernet communication modules

게시 대상: 슈나이더 일렉트릭 Korea

제품

지원

회사

빠른 링크

파트너

지속 가능성

이벤트

인사이트
opens new tab

Important security notification &#8211; M340, Quantum and Premium Ethernet communication modules

게시 대상: 슈나이더 일렉트릭 Korea

도움이 필요하신가요?

제품 선택기

견적 받기

구매처

지원 센터

제품

지원

회사

빠른 링크

Important security notification – M340, Quantum and Premium Ethernet communication modules