Summary
Schneider Electric is aware of multiple vulnerabilities disclosed in the CODESYS runtime system V3 communication server. Many vendors, including Schneider Electric, embed CODESYS in their offers. If successfully exploited, these vulnerabilities could result in a denial of service or, in some cases, in remote code execution on PacDrive controllers, Modicon Controllers M241 / M251 / M262 / M258 / LMC058 / LMC078 / M218, HMISCU, the Simulation Runtime SoftSPS from EcoStruxure Machine Expert and EcoStruxure Microgrid Operation products. Failure to apply the mitigations provided below may result in denial of service and/or arbitrary remote code execution.
The following versions of Schneider Electric devices using CODESYS Runtime are affected:
- HMISCU Controller (CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-2022-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670)
- Modicon Controller LMC078 (CVE-2022-4046, CVE-2023-28355)
- Modicon Controller M241 (CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-2022-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670)
- Modicon Controller M251 (CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-2022-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670)
- Modicon Controller M262 (CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-2022-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670)
- Modicon Controller M258 (CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-2022-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670)
- Modicon Controller LMC058 (CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-2022-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670)
- Modicon Controller M218 (CVE-2022-4046, CVE-2023-28355)
- PacDrive 3 Controllers: LMC Eco/Pro/Pro2 (CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-2022-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670)
- SoftSPS embedded in EcoStruxure Machine Expert (CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-2022-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670)
- Vijeo Designer embedded in EcoStruxure Machine Expert (CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-2022-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670)
- Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series (CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-2022-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670)
- Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU series (CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-2022-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670)
- Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series iPC series with Vijeo Designer runtime
- Vijeo Designer Basic
- Harmony iPC series
- Magelis XBT series (CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-2022-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670)
- Easy Modicon M310 (CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-2022-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670)
- Harmony P6 series
- Vijeo Designer runtime
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 8.8 | Schneider Electric | Schneider Electric devices using CODESYS Runtime | Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Validation of Integrity Check Value, Improper Validation of Consistency within Input, Out-of-bounds Write, Stack-based Buffer Overflow, Untrusted Pointer Dereference, Improper Input Validation, Files or Directories Accessible to External Parties, Uncontrolled Search Path Element, Improper Enforcement of Message Integrity During Transmission in a Communication Channel, Improper Restriction of Excessive Authentication Attempts, Exposure of Resource to Wrong Sphere |
Background
- Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: France
Vulnerabilities
CVE-2022-4046
In addition to the functionality described above, there are memory access functions that allow the PLC application code to read or write memory. These are not limited to the data memories that are assigned to it or allocated by it. For this reason, the PLC application code can potentially access the entire RAM memory of the CODESYS Control runtime process surrounding it. This could allow PLC programmers who have successfully authenticated themselves at the controller to execute PLC application code that can modify itself or read or write sensitive data of the CODESYS Control runtime process.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller LMC078 All Versions, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric Modicon Controller M218 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend that customers migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
No fix planned
Schneider Electric’s Modicon LMC078 controllers have reached the end of their life and are no longer commercially available. They have been replaced by the Modicon M262 controllers. We recommend that customers migrate to the latest offer. Please contact your local Schneider Electric technical support for more information.
No fix planned
Schneider Electric’s Modicon M218 controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon Easy M200 and Modicon M241 controllers. We recommend that customers migrate to the latest offer. Please contact your local Schneider Electric technical support for more information.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2023-28355
The PLC application code executed by the CODESYS Control Runtime contains a checksum. This enables the CODESYS development system to check at login whether its loaded project matches the PLC application code executed on the controller. This checksum is not sufficient to reliably detect PLC application code that has been modified in memory or boot application files that have been manipulated.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller LMC078 All Versions, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric Modicon Controller M218 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend that customers migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
No fix planned
Schneider Electric’s Modicon LMC078 controllers have reached the end of their life and are no longer commercially available. They have been replaced by the Modicon M262 controllers. We recommend that customers migrate to the latest offer. Please contact your local Schneider Electric technical support for more information.
No fix planned
Schneider Electric’s Modicon M218 controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon Easy M200 and Modicon M241 controllers. We recommend that customers migrate to the latest offer. Please contact your local Schneider Electric technical support for more information.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-354 Improper Validation of Integrity Check Value
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
CVE-2022-47378
After successful authentication, specific crafted communication requests with inconsistent content can cause the CmpFiletransfer component to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend that customers migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up to date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up to date malware protection.
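One way to verify the "Restrict access to programming ports" mitigation against firewall or flow logs, as an added example that is not part of the Schneider Electric advisory. The port list comes from the mitigations above; the log format, the subnets, the host addresses and the function names are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Programming ports named in the advisory's mitigation lists (protocol matters:
# the advisory lists UDP/1740, not TCP/1740).
PROGRAMMING_PORTS = {("udp", 1740), ("tcp", 11740), ("tcp", 1105), ("tcp", 484)}

# Assumptions for this example: where the controllers live and which
# engineering workstations are allowed to reach their programming ports.
CONTROLLER_NETS = [ipaddress.ip_network("10.20.0.0/24")]
ENGINEERING_HOSTS = [
    ipaddress.ip_network("10.10.5.10/32"),
    ipaddress.ip_network("10.10.5.11/32"),
]

# Constructed sample records in an assumed format:
# "timestamp src dst proto dport action"
SAMPLE_FLOWS = """\
2024-01-10T08:00:01Z 10.10.5.10 10.20.0.21 tcp 11740 ACCEPT
2024-01-10T08:00:07Z 10.30.7.44 10.20.0.21 tcp 11740 ACCEPT
2024-01-10T08:01:12Z 10.30.7.44 10.20.0.22 udp 1740 ACCEPT
2024-01-10T08:01:30Z 10.30.7.44 10.20.0.22 tcp 1740 ACCEPT
2024-01-10T08:02:00Z 192.0.2.50 10.20.0.21 tcp 1105 DROP
2024-01-10T08:02:05Z 10.10.5.11 10.20.0.23 tcp 484 ACCEPT
2024-01-10T08:03:00Z 10.30.7.44 10.40.0.9 tcp 11740 ACCEPT
malformed line here
2024-01-10T08:04:00Z 10.30.9.2 10.20.0.23 tcp 484 ACCEPT
"""


def parse_flow(line):
    """Parse one record; return a dict, or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, proto, dport, action = parts
    try:
        flow = {
            "ts": ts,
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "proto": proto.lower(),
            "dport": int(dport),
            "action": action.upper(),
        }
    except ValueError:
        return None
    if not 0 < flow["dport"] <= 65535:
        return None
    return flow


def in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)


def audit(text):
    """Classify flows that target controller programming ports.

    violations: accepted flows from sources outside the engineering allowlist
    blocked:    the same kind of flow, but dropped by the firewall
    skipped:    number of lines that could not be parsed
    """
    violations, blocked, skipped = [], [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow is None:
            skipped += 1
            continue
        if not in_any(flow["dst"], CONTROLLER_NETS):
            continue  # not addressed to a controller
        if (flow["proto"], flow["dport"]) not in PROGRAMMING_PORTS:
            continue  # not a programming port
        if in_any(flow["src"], ENGINEERING_HOSTS):
            continue  # authorised engineering workstation
        (violations if flow["action"] == "ACCEPT" else blocked).append(flow)
    return {"violations": violations, "blocked": blocked, "skipped": skipped}


def by_source(flows):
    """Group flows by source address -> sorted list of 'dst proto/port'."""
    grouped = defaultdict(set)
    for f in flows:
        grouped[str(f["src"])].add(f"{f['dst']} {f['proto']}/{f['dport']}")
    return {src: sorted(targets) for src, targets in grouped.items()}


if __name__ == "__main__":
    result = audit(SAMPLE_FLOWS)
    for src, targets in by_source(result["violations"]).items():
        print(f"UNAUTHORISED ACCESS ALLOWED from {src}: {', '.join(targets)}")
    for src, targets in by_source(result["blocked"]).items():
        print(f"blocked attempt from {src}: {', '.join(targets)}")
    print(f"unparsed lines: {result['skipped']}")
```

Any entry reported as allowed points to a firewall rule that still exposes a programming port to a host outside the engineering allowlist.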
Relevant CWE: CWE-1288 Improper Validation of Consistency within Input
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2022-47379
After successful authentication, specific crafted communication requests can cause the CmpApp component to write attacker-controlled data to memory, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest Firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend that our customers migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up to date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up to date malware protection.
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-47380
After successful authentication, specific crafted communication requests can cause the CmpApp component to write attacker-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest Firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend that our customers migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up to date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up to date malware protection.
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-47381
After successful authentication, specific crafted communication requests can cause the CmpApp component to write attacker-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend that our customers migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up to date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up to date malware protection.
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-47382
After successful authentication, specific crafted communication requests can cause the CmpTraceMgr component to write attacker-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
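An added example (not part of the Schneider Electric advisory): a Python check for the "restrict access to programming ports" mitigation in the two lists above. It scans firewall flow records for traffic to UDP/1740, TCP/11740, TCP/484 and TCP/1105 on controllers from any host that is not an approved engineering workstation. The log format, the controller subnet and the workstation address are assumptions, and the sample records are constructed.

```python
"""Audit flow records for access to the programming ports named in the advisory."""
import ipaddress
import re
from typing import NamedTuple, Optional

# Ports from the advisory's mitigations (TCP/484 in one list, TCP/1105 in another).
PROGRAMMING_PORTS = {("udp", 1740), ("tcp", 11740), ("tcp", 484), ("tcp", 1105)}

# Assumed site layout (hypothetical, taken from documentation address ranges).
CONTROLLER_NET = ipaddress.ip_network("192.0.2.0/24")
ENGINEERING_HOSTS = {ipaddress.ip_address("198.51.100.10")}

# Assumed log format: "<time> <proto> <src>:<sport> -> <dst>:<dport> <ACCEPT|DROP>"
FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[0-9.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[0-9.]+):(?P<dport>\d+)\s+(?P<action>ACCEPT|DROP)$",
    re.IGNORECASE,
)


class Flow(NamedTuple):
    ts: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    action: str


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one record; return None for anything malformed."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:  # e.g. an octet above 255
        return None
    dport = int(m["dport"])
    if not 0 < dport <= 65535:
        return None
    return Flow(m["ts"], m["proto"].lower(), src, dst, dport, m["action"].upper())


def audit_flows(lines):
    """Classify flows to controller programming ports from unapproved sources.

    exposed: the firewall let the flow through (the restriction is missing).
    blocked: the firewall dropped it (the restriction works, but something tried).
    skipped: number of records that could not be parsed.
    """
    report = {"exposed": [], "blocked": [], "skipped": 0}
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            report["skipped"] += 1
            continue
        if flow.dst not in CONTROLLER_NET:
            continue  # not a controller
        if (flow.proto, flow.dport) not in PROGRAMMING_PORTS:
            continue  # protocol and port must both match
        if flow.src in ENGINEERING_HOSTS:
            continue  # approved engineering workstation
        key = "exposed" if flow.action == "ACCEPT" else "blocked"
        report[key].append(flow)
    return report


# Constructed sample records (not real traffic).
SAMPLE_FLOWS = [
    # approved workstation: ignored
    "2024-01-10T08:00:01Z tcp 198.51.100.10:50122 -> 192.0.2.20:11740 ACCEPT",
    # outside host reaches TCP/11740: exposed
    "2024-01-10T08:02:13Z tcp 203.0.113.77:41000 -> 192.0.2.20:11740 ACCEPT",
    # outside host stopped on UDP/1740: blocked
    "2024-01-10T08:02:40Z udp 203.0.113.77:41001 -> 192.0.2.21:1740 DROP",
    # not a programming port: ignored
    "2024-01-10T08:03:05Z tcp 203.0.113.77:41002 -> 192.0.2.21:443 ACCEPT",
    # another device inside the control network reaches TCP/1105: exposed
    "2024-01-10T08:04:00Z tcp 192.0.2.30:40000 -> 192.0.2.20:1105 ACCEPT",
    # UDP/11740 is not in the list (only TCP/11740): ignored
    "2024-01-10T08:05:00Z udp 203.0.113.77:41003 -> 192.0.2.21:11740 ACCEPT",
    # malformed: skipped
    "garbage line",
    # destination is not a controller: ignored
    "2024-01-10T08:06:00Z tcp 203.0.113.77:41004 -> 10.0.0.5:484 ACCEPT",
]

if __name__ == "__main__":
    result = audit_flows(SAMPLE_FLOWS)
    for kind in ("exposed", "blocked"):
        for f in result[kind]:
            print(f"{kind.upper():8} {f.ts} {f.src} -> {f.dst} {f.proto}/{f.dport}")
    print("skipped records:", result["skipped"])
```

An entry under `exposed` from inside the controller subnet shows that a perimeter firewall alone does not cover the case; the allowlist has to be enforced between devices on the control network as well.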
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-47383
After successful authentication, specific crafted communication requests can cause the CmpTraceMgr component to write attacker-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-47384
After successful authentication, specific crafted communication requests can cause the CmpTraceMgr component to write attacker-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-47386
After successful authentication, specific crafted communication requests can cause the CmpTraceMgr component to write attacker-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Network) tunnels if remote access is required.
- Limit access to both the development and control systems by physical means, operating system features, etc.
- Protect both the development and control systems by using up-to-date malware protection.
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-47387
After successful authentication, specific crafted communication requests can cause the CmpTraceMgr component to write attacker-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings chapter: https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Network) tunnels if remote access is required.
- Limit access to both the development and control systems by physical means, operating system features, etc.
- Protect both the development and control systems by using up-to-date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Network) tunnels if remote access is required.
- Limit access to both the development and control systems by physical means, operating system features, etc.
- Protect both the development and control systems by using up-to-date malware protection.
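The following is an added example, not part of the Schneider Electric advisory, for verifying the "restrict access to programming ports" mitigations above: it audits firewall flow records for traffic to UDP/1740, TCP/11740, TCP/1105 and TCP/484 on controllers from sources outside an allowlist. The log format, the subnets and the sample records are constructed assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

# Programming ports named in the advisory's mitigation lists.
PROGRAMMING_PORTS = {("udp", 1740), ("tcp", 11740), ("tcp", 1105), ("tcp", 484)}

# Assumption: engineering workstations / VPN egress allowed to program controllers.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.30.0/28")]
# Assumption: subnet that holds the controllers and HMIs.
CONTROLLER_NET = ipaddress.ip_network("10.20.40.0/24")

# Constructed flow records: "<timestamp> <proto> <src>:<sport> -> <dst>:<dport> <action>"
SAMPLE_FLOWS = """\
2024-01-10T08:00:01Z tcp 10.20.30.5:50211 -> 10.20.40.11:11740 ALLOW
2024-01-10T08:02:17Z tcp 10.50.7.23:49822 -> 10.20.40.11:11740 ALLOW
2024-01-10T08:02:40Z udp 203.0.113.77:1740 -> 10.20.40.12:1740 DENY
2024-01-10T08:03:05Z tcp 10.50.7.23:49830 -> 10.20.40.11:443 ALLOW
2024-01-10T08:04:12Z tcp 10.50.7.23:49841 -> 10.20.40.13:1105 ALLOW
2024-01-10T08:05:00Z udp 10.50.7.23:40000 -> 10.20.40.13:11740 ALLOW
2024-01-10T08:06:30Z tcp 10.50.7.999:1 -> 10.20.40.11:484 ALLOW
2024-01-10T08:07:00Z tcp 10.50.7.23:49850 ->
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<action>ALLOW|DENY)$"
)


@dataclass(frozen=True)
class Finding:
    timestamp: str
    source: str
    target: str
    service: str   # e.g. "tcp/11740"
    verdict: str   # "EXPOSED" (traffic passed) or "BLOCKED" (attempt was denied)


def audit_flows(log_text):
    """Return (findings, malformed_lines) for the given flow log text."""
    findings, malformed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FLOW_RE.match(line)
        if m is None:
            malformed.append(line)
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            # Looks like an address but is not one (e.g. octet > 255).
            malformed.append(line)
            continue
        service = (m["proto"], int(m["dport"]))
        # Only traffic to a programming port on a controller is in scope;
        # the protocol matters (udp/11740 is not a listed port).
        if dst not in CONTROLLER_NET or service not in PROGRAMMING_PORTS:
            continue
        if any(src in net for net in ALLOWED_SOURCES):
            continue
        verdict = "EXPOSED" if m["action"] == "ALLOW" else "BLOCKED"
        findings.append(
            Finding(m["ts"], str(src), str(dst), f"{service[0]}/{service[1]}", verdict)
        )
    return findings, malformed


def exposed_targets(findings):
    """Controllers whose programming ports were actually reached, for follow-up."""
    return sorted({(f.target, f.service) for f in findings if f.verdict == "EXPOSED"})


if __name__ == "__main__":
    found, bad = audit_flows(SAMPLE_FLOWS)
    for f in found:
        print(f"{f.verdict:8} {f.timestamp} {f.source} -> {f.target} {f.service}")
    print("unparsed lines:", len(bad))
```

Unparsed lines are returned rather than dropped so that a logging gap is not mistaken for a clean result.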
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-47388
After successful authentication, specific crafted communication requests can cause the CmpTraceMgr component to write attacker-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings chapter: https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Network) tunnels if remote access is required.
- Limit access to both the development and control systems by physical means, operating system features, etc.
- Protect both the development and control systems by using up-to-date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Network) tunnels if remote access is required.
- Limit access to both the development and control systems by physical means, operating system features, etc.
- Protect both the development and control systems by using up-to-date malware protection.
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-47389
After successful authentication, specific crafted communication requests can cause the CmpTraceMgr component to write attacker-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings chapter: https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Network) tunnels if remote access is required.
- Limit access to both the development and control systems by physical means, operating system features, etc.
- Protect both the development and control systems by using up-to-date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Network) tunnels if remote access is required.
- Limit access to both the development and control systems by physical means, operating system features, etc.
- Protect both the development and control systems by using up-to-date malware protection.
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-47390
After successful authentication, specific crafted communication requests can cause the CmpTraceMgr component to write attacker-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default and forced to create a strong password at first use. • Use encrypted communication links. • The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242. • Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.
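
The mitigation lists above ask for restricted access to the programming ports (UDP/1740, TCP/11740, TCP/1105, TCP/484). The following is an added example, not part of the Schneider Electric advisory, that audits firewall flow records for accepted connections to those ports from sources outside the engineering workstation network. The log format, subnets and sample records are constructed assumptions.

```python
import ipaddress
import re
from typing import NamedTuple

# Programming ports named in the advisory's mitigation lists.
PROGRAMMING_PORTS = {("udp", 1740), ("tcp", 11740), ("tcp", 1105), ("tcp", 484)}

# Assumptions (constructed values): where engineering workstations and
# controllers/HMIs live in this hypothetical plant network.
ENGINEERING_NETS = [ipaddress.ip_network("10.20.30.0/28")]
CONTROLLER_NETS = [ipaddress.ip_network("10.20.40.0/24")]

# Assumed flow-record format: "<ts> <proto> <src>:<sport> -> <dst>:<dport> <action>"
FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[0-9.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[0-9.]+):(?P<dport>\d+)\s+(?P<action>ACCEPT|DROP)$"
)

# Constructed sample records, not taken from any real network.
SAMPLE_FLOWS = """\
2024-01-10T08:00:01Z tcp 10.20.30.5:50112 -> 10.20.40.11:11740 ACCEPT
2024-01-10T08:00:07Z udp 10.20.50.77:40000 -> 10.20.40.11:1740 ACCEPT
2024-01-10T08:01:13Z tcp 192.0.2.44:51515 -> 10.20.40.12:1105 ACCEPT
2024-01-10T08:01:20Z tcp 192.0.2.44:51516 -> 10.20.40.12:484 DROP
2024-01-10T08:02:00Z tcp 10.20.50.77:40100 -> 10.20.40.11:502 ACCEPT
2024-01-10T08:02:05Z tcp 10.20.30.5:50113 -> 10.20.60.9:11740 ACCEPT
garbage line that does not parse
2024-01-10T08:03:00Z udp 10.20.30.99:40200 -> 10.20.40.13:1740 ACCEPT
"""


class Flow(NamedTuple):
    ts: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    action: str


def parse_flow(line):
    """Return a Flow, or None if the record is malformed."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:  # e.g. an octet above 255
        return None
    dport = int(m["dport"])
    if not 0 < dport <= 65535:
        return None
    return Flow(m["ts"], m["proto"], src, dst, dport, m["action"])


def in_any(addr, nets):
    return any(addr in net for net in nets)


def audit(log_text):
    """Split programming-port traffic from non-engineering sources into
    accepted flows (exposures) and dropped flows (blocked attempts)."""
    exposures, blocked, malformed = [], [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow is None:
            malformed += 1
            continue
        if (flow.proto, flow.dport) not in PROGRAMMING_PORTS:
            continue  # not a programming port
        if not in_any(flow.dst, CONTROLLER_NETS):
            continue  # destination is not a controller or HMI
        if in_any(flow.src, ENGINEERING_NETS):
            continue  # expected engineering workstation traffic
        (exposures if flow.action == "ACCEPT" else blocked).append(flow)
    return exposures, blocked, malformed


if __name__ == "__main__":
    exposures, blocked, malformed = audit(SAMPLE_FLOWS)
    for f in exposures:
        print(f"EXPOSED {f.ts} {f.src} -> {f.dst} {f.proto}/{f.dport}")
    for f in blocked:
        print(f"blocked {f.ts} {f.src} -> {f.dst} {f.proto}/{f.dport}")
    print(f"{malformed} malformed record(s) skipped")
```

Any flow reported as exposed indicates a firewall rule that still lets a non-engineering host reach a programming port and should be tightened.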
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-47385
After successful authentication, specific crafted communication requests can cause the CmpAppForce component to write attacker-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-47392
After successful authentication, specific crafted communication requests with inconsistent content can cause the CmpApp/CmpAppBP/CmpAppForce components to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-1288 Improper Validation of Consistency within Input
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2022-47393
After successful authentication, specific crafted communication requests can cause the CmpFiletransfer component to dereference addresses provided by the request for internal read access, which can lead to a denial-of-service situation.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-822 Untrusted Pointer Dereference
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2022-47391
Crafted communication requests can cause the affected products to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend that customers migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-1288 Improper Validation of Consistency within Input
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-37545
After successful authentication as a user, specific crafted communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend that customers migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-20 Improper Input Validation
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-37546
After successful authentication as a user, specific crafted communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend that customers migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-20 Improper Input Validation
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-37547
After successful authentication as a user, specific crafted communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest Firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend that customers migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-20 Improper Input Validation
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-37548
After successful authentication as a user, specific crafted communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.
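One way to verify that the "Restrict access to programming ports" mitigation holds for the ports named in the mitigation lists above (UDP/1740, TCP/11740, TCP/1105, TCP/484) is to audit firewall flow records for connections reaching controllers from hosts other than the engineering workstation. This is an added example, not part of the Schneider Electric advisory; the CSV layout, the address ranges and all function names are assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter
from typing import NamedTuple

# Programming ports named in the advisory's mitigation lists.
PROGRAMMING_PORTS = {("udp", 1740), ("tcp", 11740), ("tcp", 1105), ("tcp", 484)}

# Assumptions for this example (documentation address ranges, not real sites):
# the only host allowed to program controllers, and the controller subnet.
ENGINEERING_HOSTS = [ipaddress.ip_network("192.0.2.10/32")]
CONTROLLER_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed firewall flow export; the column layout is hypothetical.
SAMPLE_FLOWS = """\
ts,proto,src,dst,dport,action
2024-01-10T08:00:01Z,tcp,192.0.2.10,198.51.100.21,11740,allow
2024-01-10T08:02:13Z,udp,192.0.2.77,198.51.100.21,1740,allow
2024-01-10T08:05:40Z,tcp,203.0.113.5,198.51.100.22,1105,deny
2024-01-10T08:06:02Z,tcp,192.0.2.77,198.51.100.22,502,allow
2024-01-10T08:07:19Z,tcp,192.0.2.77,198.51.100.23,484,allow
2024-01-10T08:09:00Z,tcp,not-an-ip,198.51.100.23,11740,allow
2024-01-10T08:10:00Z,udp,192.0.2.77,198.51.100.30,11740,allow
"""


class Finding(NamedTuple):
    kind: str      # EXPOSED, BLOCKED or MALFORMED
    line: int      # line number in the flow export (header is line 1)
    src: str
    dst: str
    service: str   # "proto/port"


def _member(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)


def audit_flows(text, engineering=ENGINEERING_HOSTS, controllers=CONTROLLER_NETS):
    """Flag flows to controller programming ports from non-engineering sources."""
    findings = []
    for line, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        proto = (row.get("proto") or "").strip().lower()
        service = f"{proto}/{row.get('dport')}"
        try:
            src = ipaddress.ip_address((row.get("src") or "").strip())
            dst = ipaddress.ip_address((row.get("dst") or "").strip())
            port = int(row.get("dport") or "")
        except ValueError:
            # Keep unparseable rows visible instead of silently skipping them.
            findings.append(Finding("MALFORMED", line, str(row.get("src")),
                                    str(row.get("dst")), service))
            continue
        # Only programming-port traffic towards controllers is in scope.
        if (proto, port) not in PROGRAMMING_PORTS or not _member(dst, controllers):
            continue
        if _member(src, engineering):
            continue
        # Anything not explicitly denied is treated as reaching the controller.
        action = (row.get("action") or "").strip().lower()
        kind = "BLOCKED" if action == "deny" else "EXPOSED"
        findings.append(Finding(kind, line, str(src), str(dst), service))
    return findings


def summarize(findings):
    """Count findings per kind."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS):
        print(f"{f.kind:9} line {f.line}: {f.src} -> {f.dst} {f.service}")
    print(summarize(audit_flows(SAMPLE_FLOWS)))
```

EXPOSED rows are the ones to act on: they show a programming port reachable from a host that the firewall policy should have stopped.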
Relevant CWE: CWE-20 Improper Input Validation
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-37549
After successful authentication as a user, specific crafted communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest Firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-20 Improper Input Validation
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-37550
After successful authentication as a user, specific crafted communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest Firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-20 Improper Input Validation
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-37551
After successful authentication as a user, specially crafted communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up-to-date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date malware protection.
Relevant CWE: CWE-552 Files or Directories Accessible to External Parties
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
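As an added illustration of the "restrict access to programming ports" mitigation (this is not part of the Schneider Electric advisory), the following Python script audits firewall flow records for traffic to the programming ports named in the mitigations (UDP/1740, TCP/11740, TCP/1105, TCP/484) that comes from outside an engineering allowlist. The log format, the subnets and the sample lines are constructed assumptions.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Protocol/port pairs named in the advisory's mitigations.
PROGRAMMING_PORTS = {("udp", 1740), ("tcp", 11740), ("tcp", 1105), ("tcp", 484)}

# Assumptions for this example: engineering workstations and controller subnet.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.30.0/28")]
CONTROLLER_NETS = [ipaddress.ip_network("10.20.40.0/24")]

# Constructed sample: time proto src sport dst dport action
SAMPLE_LOG = """\
# constructed flow records, not real traffic
2024-01-10T08:00:01Z tcp 10.20.30.5 50122 10.20.40.11 11740 ACCEPT
2024-01-10T08:00:07Z udp 10.20.30.5 50123 10.20.40.11 1740 ACCEPT
2024-01-10T08:03:12Z tcp 10.20.50.77 41001 10.20.40.11 11740 ACCEPT
2024-01-10T08:03:40Z tcp 198.51.100.23 55000 10.20.40.12 1105 DROP
2024-01-10T08:04:02Z udp 10.20.50.77 41002 10.20.40.255 1740 ACCEPT
2024-01-10T08:05:00Z tcp 10.20.50.77 41003 10.20.40.11 443 ACCEPT
2024-01-10T08:05:30Z udp 10.20.50.77 41004 10.20.40.11 11740 ACCEPT
2024-01-10T08:06:00Z tcp 10.20.50.77 41005 10.20.40.13 484 ACCEPT
this line is truncated tcp
"""


class Flow(NamedTuple):
    time: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    action: str


class Finding(NamedTuple):
    verdict: str  # "EXPOSED" (traffic passed) or "BLOCKED" (firewall dropped it)
    flow: Flow


def parse_line(line: str) -> Optional[Flow]:
    """Parse one record; return None for blanks/comments, raise ValueError if malformed."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != 7:
        raise ValueError("expected 7 fields, got %d" % len(parts))
    time, proto, src, _sport, dst, dport, action = parts
    return Flow(time, proto.lower(), ipaddress.ip_address(src),
                ipaddress.ip_address(dst), int(dport), action.upper())


def in_any(addr, networks) -> bool:
    return any(addr in net for net in networks)


def audit(log_text: str) -> Tuple[List[Finding], int]:
    """Return findings for programming-port traffic from non-allowlisted sources,
    plus the number of malformed lines that could not be evaluated."""
    findings: List[Finding] = []
    malformed = 0
    for raw in log_text.splitlines():
        try:
            flow = parse_line(raw)
        except ValueError:
            malformed += 1  # count, do not silently ignore, unparseable records
            continue
        if flow is None:
            continue
        # The protocol matters: UDP/11740 is not one of the listed pairs.
        if (flow.proto, flow.dport) not in PROGRAMMING_PORTS:
            continue
        if not in_any(flow.dst, CONTROLLER_NETS):
            continue
        if in_any(flow.src, ALLOWED_SOURCES):
            continue
        verdict = "EXPOSED" if flow.action == "ACCEPT" else "BLOCKED"
        findings.append(Finding(verdict, flow))
    return findings, malformed


if __name__ == "__main__":
    results, bad = audit(SAMPLE_LOG)
    for f in results:
        print("%-7s %s %s -> %s %s/%d" % (f.verdict, f.flow.time, f.flow.src,
                                          f.flow.dst, f.flow.proto, f.flow.dport))
    print("malformed lines skipped: %d" % bad)
```

An `EXPOSED` finding means the firewall passed programming-port traffic from a host outside the allowlist; `BLOCKED` findings show the rule working and are worth reviewing for repeated sources.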
CVE-2023-37552
After successful authentication as a user, specific crafted communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest Firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date malware protection.
Relevant CWE: CWE-20 Improper Input Validation
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-37553
After successful authentication as a user, specific crafted communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest Firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date malware protection.
Relevant CWE: CWE-20 Improper Input Validation
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-37554
After successful authentication as a user, specific crafted communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date malware protection.
Relevant CWE: CWE-20 Improper Input Validation
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-37555
After successful authentication as a user, specific crafted communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest Firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest Firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest Firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
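One way to check exported firewall or flow logs against the programming-port restriction in the two mitigation lists above (UDP/1740, TCP/11740, TCP/1105 and TCP/484). This is an added example, not Schneider Electric or CODESYS code; the log line format, the engineering-workstation subnet and the controller subnet are constructed assumptions to be replaced with site values.

```python
import ipaddress
import re
from collections import Counter

# Programming ports named in the advisory's mitigation lists.
PROGRAMMING_PORTS = {("udp", 1740), ("tcp", 11740), ("tcp", 1105), ("tcp", 484)}

# Assumptions (site-specific, not from the advisory): where engineering
# workstations and controllers live on the network.
ENGINEERING_NETS = [ipaddress.ip_network("10.10.5.0/28")]
CONTROLLER_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Assumed key=value flow-log layout (constructed for this example).
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+"
    r"proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)\s+action=(?P<action>\w+)$"
)

# Constructed sample input, not real traffic.
SAMPLE_LOG = """\
2024-03-01T08:00:01Z src=10.10.5.4 dst=10.20.0.11 proto=tcp dport=11740 action=allow
2024-03-01T08:00:07Z src=10.30.7.99 dst=10.20.0.11 proto=tcp dport=11740 action=allow
2024-03-01T08:01:15Z src=10.30.7.99 dst=10.20.0.12 proto=udp dport=1740 action=allow
2024-03-01T08:02:40Z src=192.0.2.50 dst=10.20.0.11 proto=tcp dport=1105 action=deny
2024-03-01T08:03:02Z src=10.30.7.99 dst=10.20.0.11 proto=tcp dport=443 action=allow
2024-03-01T08:03:30Z src=10.10.5.4 dst=10.20.0.13 proto=tcp dport=484 action=allow
this line is malformed and must not crash the audit
2024-03-01T08:04:00Z src=10.30.7.99 dst=10.40.0.5 proto=tcp dport=11740 action=allow
"""


def in_any(addr, nets):
    """True if addr belongs to at least one of the given networks."""
    return any(addr in net for net in nets)


def audit(log_text):
    """Return (findings, skipped_line_count) for the given log text.

    A finding is any flow to a controller on a programming port whose source
    is outside the engineering-workstation networks. Allowed flows are marked
    'exposed' (the firewall rule is missing); denied flows are marked
    'blocked-attempt' (the rule works, but someone is probing).
    """
    findings, skipped = [], 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            skipped += 1  # syntactically matching line with a bad address
            continue
        proto, dport = m["proto"].lower(), int(m["dport"])
        if (proto, dport) not in PROGRAMMING_PORTS:
            continue
        if not in_any(dst, CONTROLLER_NETS):
            continue
        if in_any(src, ENGINEERING_NETS):
            continue  # expected engineering traffic
        status = "exposed" if m["action"].lower() == "allow" else "blocked-attempt"
        findings.append({
            "time": m["ts"],
            "source": str(src),
            "controller": str(dst),
            "service": f"{proto}/{dport}",
            "status": status,
        })
    return findings, skipped


def summarize(findings):
    """Count findings per source address, for triage."""
    return dict(Counter(f["source"] for f in findings))


if __name__ == "__main__":
    results, bad = audit(SAMPLE_LOG)
    for f in results:
        print(f"{f['time']} {f['status']:<15} {f['source']} -> "
              f"{f['controller']} {f['service']}")
    print(f"unparsed lines: {bad}; by source: {summarize(results)}")
```

Any 'exposed' finding means a path to a programming port exists from outside the engineering networks and the firewall rule set should be tightened.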
Relevant CWE: CWE-20 Improper Input Validation
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-37556
After successful authentication as a user, specific crafted communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-20 Improper Input Validation
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-37557
After successful authentication as a user, specific crafted communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-37558
After successful authentication as a user, specific crafted communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Networks) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-20 Improper Input Validation
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-37559
After successful authentication as a user, specific crafted communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend that customers migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-20 Improper Input Validation
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CVE-2023-3662
The CODESYS Development System is vulnerable to the execution of malicious binaries from the current working directory.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend that customers migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-427 Uncontrolled Search Path Element
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
CVE-2023-3663
The Notification Center of the CODESYS Development System receives messages without ensuring that the message was not modified during transmission. This ultimately enables code execution by a man-in-the-middle (MITM) attacker when the user clicks the Learn More button.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend that customers migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2023-3669
The Notification Center of the CODESYS Development System receives messages without ensuring that the message was not modified during transmission. This ultimately enables code execution by a man-in-the-middle (MITM) attacker when the user clicks the Learn More button.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend that customers migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Use encrypted communication links.
• The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
• Enable the optional ‘Implicit Checks’ on logic applications.
• Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
• Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
• Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
• Use firewalls to protect and separate the control system network from other networks.
• Use VPN (Virtual Private Network) tunnels if remote access is required.
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date malware protection.
Relevant CWE: CWE-307 Improper Restriction of Excessive Authentication Attempts
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
CVE-2023-3670
CODESYS Scripting executes potentially malicious scripts saved by another user.
Affected Products
Schneider Electric devices using CODESYS Runtime
Schneider Electric
Schneider Electric HMISCU Controller All versions prior to v6.3.1, Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18, Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18, Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12, Schneider Electric Modicon Controller M258 All Versions, Schneider Electric Modicon Controller LMC058 All Versions, Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1, Schneider Electric SoftSPS embedded in EcoStruxure Machine Expert All Versions prior to Machine Expert v2.2, Schneider Electric Vijeo Designer embedded in EcoStruxure Machine Expert All versions prior to v6.3.1, Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3, Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2, Schneider Electric Magelis XBT series All Versions, Schneider Electric Easy Modicon M310 All versions prior to v3.1.5.82
fixed, known_affected
Remediations
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.
Vendor fix
Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.
Vendor fix
Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.
No fix planned
Schneider Electric’s Magelis XBT series have reached their end of commercialization. Magelis XBTGT/XBTGK offers have been replaced by HMIGTO/HMIGTU/HMIGK. We recommend our customers to migrate to the latest offers. For Magelis XBT series that haven’t been replaced, please contact your local Schneider Electric technical support for more information.
Vendor fix
PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ On the engineering workstation, update to V2.2 of Machine Expert. Update PacDrive 3 Controllers: LMC Eco/Pro/Pro2 to the latest firmware and perform a reboot.
Vendor fix
Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware On the engineering workstation, update to v6.3.1 of Vijeo Designer.
Vendor fix
SoftSPS component has been removed from Machine Expert V2.2. Machine Expert can be updated through the Schneider Electric Software Update (SESU) application.
Mitigation
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Use encrypted communication links.
- The “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment” provide mitigations through the activation of project encryption in the Enhanced Security Settings, chapter https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=EIO0000004242.00.pdf&p_Doc_Ref=EIO0000004242.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/1105.
Mitigation
- Enable the optional ‘Implicit Checks’ on logic applications.
- Avoid use of the POINTER data type and MEMMOVE instructions, especially on untrusted inputs.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date malware protection.

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Vendor fix
Version 3.1.5.82 includes a fix for this vulnerability and can be downloaded here: https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 As an alternative, contact your Schneider Electric Customer Care Center to obtain the firmware. To complete the update, connect to M310 and download the firmware using EcoStruxure™ Motion Expert.
Vendor fix
Version 6.3 HF3 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Hot Fix. For additional detail please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 HF3 of Vijeo Designer.
Vendor fix
Vijeo Designer Basic v2.0 HotFix 2 includes a fix for this vulnerability. Please contact your Schneider Electric Customer Care Center to obtain the installer. To complete the update, connect to Harmony HMI and download the firmware using Vijeo Designer Basic.
Vendor fix
Version 6.3 SP2 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware As an alternative, please contact your Schneider Electric Customer Care Center to obtain the Fix. For additional details, please refer to the supplied help file in Hot Fix. On the engineering workstation, update to v6.3 SP2 of Vijeo Designer.
Mitigation
Customers should immediately apply the following mitigations to reduce the risk of exploitation:
- Ensure usage of user management and password features. User rights are enabled by default, and users are forced to create a strong password at first use.
- Restrict access to programming ports, typically UDP/1740, TCP/11740 and TCP/484.
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks.
- Use VPN (Virtual Private Networks) tunnels if remote access is required.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date malware protection.
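One way to check that the "restrict access to programming ports" mitigation is actually in force is to audit firewall or flow logs for traffic reaching those ports from outside the engineering subnet. This is an added example, not part of the Schneider Electric advisory; the log format, subnets and sample records are constructed assumptions, and the port set combines the ports named in the mitigation lists (UDP/1740, TCP/11740, TCP/484, TCP/1105).

```python
import ipaddress

# Programming ports named in the advisory's mitigation lists.
PROGRAMMING_PORTS = {("udp", 1740), ("tcp", 11740), ("tcp", 484), ("tcp", 1105)}

# Assumptions for this example: engineering workstations that may program
# controllers, and the subnet the controllers live on.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.30.0/28")]
CONTROLLER_NET = ipaddress.ip_network("10.20.40.0/24")

# Constructed flow records: "timestamp proto src dst dport action"
SAMPLE_FLOWS = """\
2024-05-01T08:00:01Z tcp 10.20.30.5 10.20.40.11 11740 ACCEPT
2024-05-01T08:00:07Z udp 10.20.30.5 10.20.40.11 1740 ACCEPT
2024-05-01T08:03:12Z tcp 10.50.1.77 10.20.40.11 11740 ACCEPT
2024-05-01T08:03:15Z tcp 10.50.1.77 10.20.40.12 1105 DROP
2024-05-01T08:04:40Z tcp 10.50.1.77 10.20.40.11 443 ACCEPT
2024-05-01T08:05:02Z udp 192.0.2.44 10.20.40.13 1740 ACCEPT
malformed line here
2024-05-01T08:06:00Z tcp 10.20.30.9 10.20.40.11 484 ACCEPT
"""


def parse_flow(line):
    """Return (ts, proto, src, dst, dport, action), or None if malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, proto, src, dst, dport, action = parts
    try:
        return (ts, proto.lower(), ipaddress.ip_address(src),
                ipaddress.ip_address(dst), int(dport), action.upper())
    except ValueError:  # bad IP address or non-numeric port
        return None


def audit(flows_text):
    """Classify programming-port traffic from non-allowlisted sources.

    exposed: accepted flows (the restriction is missing or too wide)
    blocked: dropped flows (policy held, but the source deserves a look)
    skipped: count of unparseable lines, so gaps in the audit stay visible
    """
    report = {"exposed": [], "blocked": [], "skipped": 0}
    for line in flows_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow is None:
            report["skipped"] += 1
            continue
        _, proto, src, dst, dport, action = flow
        if dst not in CONTROLLER_NET or (proto, dport) not in PROGRAMMING_PORTS:
            continue
        if any(src in net for net in ALLOWED_SOURCES):
            continue
        bucket = "exposed" if action == "ACCEPT" else "blocked"
        report[bucket].append((str(src), str(dst), proto, dport))
    return report


if __name__ == "__main__":
    print(audit(SAMPLE_FLOWS))
```

Any entry under `exposed` means a host outside the allowlist reached a controller's programming port, so the firewall rule set should be tightened before relying on this mitigation.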
Relevant CWE: CWE-668 Exposure of Resource to Wrong Sphere
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Acknowledgments
- Schneider Electric CPCERT reported these vulnerabilities to CISA.
General Security Recommendations
We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/
- Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
- Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.
- Place all controllers in locked cabinets and never leave them in the “Program” mode.
- Never connect programming software to any network other than the network intended for that device.
- Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.
- Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.
- Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.

For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document.
For More Information
This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process. For further information related to cybersecurity in Schneider Electric’s products, visit the company’s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp
LEGAL DISCLAIMER
THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS “NOTIFICATION”) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN “AS-IS” BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION
About Schneider Electric
Schneider’s purpose is to create Impact by empowering all to make the most of our energy and resources, bridging progress and sustainability for all. We call this Life Is On. Our mission is to be the trusted partner in Sustainability and Efficiency. We are a global industrial technology leader bringing world-leading expertise in electrification, automation and digitization to smart industries, resilient infrastructure, future-proof data centers, intelligent buildings, and intuitive homes. Anchored by our deep domain expertise, we provide integrated end-to-end lifecycle AI enabled Industrial IoT solutions with connected products, automation, software and services, delivering digital twins to enable profitable growth for our customers. We are a people company with an ecosystem of 150,000 colleagues and more than a million partners operating in over 100 countries to ensure proximity to our customers and stakeholders. We embrace diversity and inclusion in everything we do, guided by our meaningful purpose of a sustainable future for all.
Details
Vulnerabilities disclosed by CODESYS™ group in the CODESYS Runtime and Simulation Runtime impact Schneider Electric controller products and software. Additional information about the vulnerabilities can be found in the CODESYS™ Advisories at: Advisory 2023-02 • Advisory 2023-03 • Advisory 2023-04 • Advisory 2023-05 • Advisory 2023-06 • Advisory 2023-07 • Advisory 2023-08 • Advisory 2023-09
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
- Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
- Locate control system networks and remote devices behind firewalls and isolate them from business networks.
- When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Schneider Electric CPCERT SEVD-2023-192-04 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Schneider Electric CPCERT directly for any questions regarding this advisory.
Revision History
- Initial Release Date: 2023-07-11
| Date | Revision | Summary |
|---|---|---|
| 2023-07-11 | 1 | Original Release |
| 2023-08-08 | 2 | New CODESYS advisories 2023-04 to 2023-09 added. Additional impacted product: Harmony and Easy Harmony, Vijeo Designer embedded in EcoStruxure Machine Expert. |
| 2024-01-09 | 3 | Remediations added for different products. |
| 2024-03-12 | 4 | A remediation is now available for HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series |
| 2024-04-09 | 5 | A remediation is now available for Easy Harmony HMIET6/HMIFT6, and Magelis HMIGXU series |
| 2024-06-11 | 6 | Easy Modicon M310 is added to the list of products impacted |
| 2025-08-12 | 7 | Remediations are available for Harmony iPC series and Harmony P6 series with Vijeo Designer. |
| 2025-11-11 | 8 | Remediation is available for Easy Modicon M310. |
| 2025-12-09 | 9 | Replaced advisory IDs with CVE IDs. Added vulnerability details, including CVE descriptions, CWE identifiers, CVSS scores, and vector strings. Corrected mappings of affected and fixed products for each CVE. |
| 2026-01-20 | 10 | Initial Republication of Schneider Electric CPCERT SEVD-2023-192-04 advisory |