Insufficient Verification of Data Authenticity in Modicon Controllers by Schneider Electric
CVE-2020-7487

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure Machine Expert (all Versions)somachine, Somachine Motion (all Versions)modicon M218 Logic Controller (all Versions)modicon M241 Logic Controller (all Versions)modicon M251 Logic Controller (all Versions)modicon M258 Logic Controller (all Versions)
Vendor: CVE Published:; 22 April 2020

Summary

A vulnerability exists in Schneider Electric's Modicon M218, M241, M251, and M258 controllers due to insufficient verification of data authenticity. This flaw could potentially enable an attacker to execute malicious code on these devices, posing significant security risks in industrial control environments. Users are advised to apply appropriate security measures to mitigate potential threats.

Affected Version(s)

EcoStruxure Machine Expert (all )SoMachine, SoMachine Motion (all )Modicon M218 Logic Controller (all )Modicon M241 Logic Controller (all )Modicon M251 Logic Controller (all )Modicon M258 Logic Controller (all ) EcoStruxure Machine Expert (all versions)SoMachine, SoMachine Motion (all versions)Modicon M218 Logic Controller (all versions)Modicon M241 Logic Controller (all versions)Modicon M251 Logic Controller (all versions)Modicon M258 Logic Controller (all versions)

References

https://www.se.com/ww/en/download/document/SEVD-2020-105-02

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2020
Vulnerability Reserved
Jan 21, 2020