Schneider Electric Important Security Notification – Mar & Apr 2018

 

A flaws found in Schneider Electric’s Modicon M340 PLC Station P34 Module human machine interface (HMI) software since 2015. An official announcement by vendor since last month till now. From techincal point of view, Modicon product series programmable logic controller has large usage in electric, gas and oil supply industry. So related party must stay alert!

CVE-2018-7758: https://download.schneider-electric.com/files?p_enDocType=User+guide&p_File_Name=SEVD-2018-074-04+MiCOM+Px4x+Rejuvenated.pdf&p_Doc_Ref=SEVD-2018-074-04

CVE-2018-7762: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-081-01+Modicon+V1.2.pdf&p_Doc_Ref=SEVD-2018-081-01

CVE-2018-7759: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9601432352&p_File_Name=SEVD-2018-081-02+Modicon.pdf&p_Doc_Ref=SEVD-2018-081-02

CVE-2018-7242: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-081-01+Modicon+V1.2.pdf&p_Doc_Ref=SEVD-2018-081-01

CVE-2018-7760 & CVE-2018-7761: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9601432352&p_File_Name=SEVD-2018-081-02+Modicon.pdf&p_Doc_Ref=SEVD-2018-081-02

CVE-2018-7240 & CVE-2018-7241: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-081-01+Modicon+V1.2.pdf&p_Doc_Ref=SEVD-2018-081-01