Multiple vulnerabilities were discovered in Schneider’s Modicon Quantum programmable logic controller affecting all M340, Premium, Quantum PLCs and BMXNOR0200 products.
Modicon Quantum products are used for complex process control, safety and infrastructure in industrial settings like manufacturing and were found to contain vulnerabilities that could allow an attacker to change any user’s password including the administrator’s, delete and replace the existing admin credentials and in the process reset the web server credentials, according to a Nov. 27 blog post.
“Customers are advised to take the necessary steps to secure their Modicon PLC(s),” Schneider Electric said in its security notification. “Failure to address these vulnerabilities could result in unauthorized access to the PLC(s), denial of service, and/or other malicious activity.”
The problem is the result of a bug in the PLC which permits the unauthenticated threat actor to manipulate the accounts.
The second is a cross-site request forgery (CSRF) flaw (CVE-2018-7831) which could allow an attacker to forge a link to be sent to an authenticated victim that once clicked, changes the victim’s password to one chosen by the attacker.
In addition, the products contain two denial-of-service (DoS) vulnerabilities. One of which could be triggered by sending a crafted request to the web server that will render the server inaccessible for around one minute (CVE-2018-7830), and another which impacts a Schneider Modbus function capable of completely shutting down the communication module.
Software updates will not be released for these vulnerabilities because the Quantum product line is end of life so instead researchers recommend users disable the web server by default, configure access control lists to restrict web server access to authorized IP addresses, and protect access to Modicon products with firewalls.