PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-8935 Schneider Electric CVE debrief

A CWE-290 Authentication Bypass by Spoofing vulnerability in Schneider Electric Modicon M340 CPU (part numbers BMXP34*, firmware SV3.60 and later) allows an on-path (Man-in-the-Middle, MitM) attacker to bypass authentication during session establishment between the controller and the engineering workstation. The root cause is that the Diffie-Hellman key exchange used to set up the session is not authenticated: neither side can verify that the public value it receives came from its intended peer, so an attacker who can intercept the exchange can substitute values of their own. Successful exploitation can result in denial of service, loss of confidentiality, and loss of integrity of the controller. The attack requires access to the network path between controller and workstation and user interaction (a legitimate user establishing a session while the attacker is in position), and is rated high attack complexity. No patch is currently available; Schneider Electric is developing remediation for future versions.

Vendor
Schneider Electric
Product
Modicon M340 CPU
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2024-11-12
Original CVE updated
2024-11-12
Advisory published
2024-11-12
Advisory updated
2024-11-12

Who should care

Organizations operating Schneider Electric Modicon M340 CPU controllers in industrial control systems, particularly in critical infrastructure sectors. Asset owners with remote engineering access to PLCs, system integrators deploying these controllers, and OT security teams responsible for network segmentation and access control in manufacturing, energy, water, and building automation environments.

Technical summary

The vulnerability lies in the session establishment protocol between Modicon M340 CPU controllers and engineering workstations. The implementation negotiates the session key with Diffie-Hellman but does not authenticate the exchanged public values, so neither endpoint can tell whether the value it received came from its peer or from an intermediary. An attacker on the network path can wait for a legitimate user to initiate a session, replace each side's public value with one of their own, and complete a separate key agreement with the workstation and with the controller. Each endpoint then holds a session key the attacker also knows, while both believe they are talking to each other; the attacker can read, alter, or drop the traffic between them, which accounts for the confidentiality, integrity, and availability impacts. The attack requires network-level access to the control system network and must coincide with a legitimate session establishment, which is why the CVSS vector carries high attack complexity and required user interaction. Affected products are Modicon M340 CPU part numbers BMXP34* with firmware SV3.60 and later. Related products Modicon MC80 and Modicon Momentum Unity M1E are covered by the same advisory under different CVE identifiers for similar issues.
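The exchange described above, as an added example that is not part of this debrief or of Schneider Electric's implementation: a toy Diffie-Hellman session setup in Python, run once without peer authentication (an on-path attacker completes a separate exchange with each side and ends up holding both session keys) and once with each public value bound to a pre-provisioned key by an HMAC, which the attacker cannot forge. The group parameters, the role labels, and the HMAC-based authentication are assumptions for illustration; the actual wire format of the M340 session protocol is not described in the advisory.

```python
"""Added example, not from the advisory or from Schneider Electric: a toy
model of session establishment with Diffie-Hellman, first unauthenticated
(as the advisory describes) and then with each public value authenticated
by an HMAC under a key provisioned out of band (an assumed fix, for
illustration only).  Group parameters are deliberately small; never reuse them."""
import hashlib
import hmac
import secrets

# Constructed toy group: the Mersenne prime 2^127 - 1 and generator 3.
# Real deployments use a standard group of 2048 bits or more.
P = (1 << 127) - 1
G = 3
PUB_LEN = (P.bit_length() + 7) // 8   # fixed-width encoding of group elements


def dh_keypair():
    """Fresh private exponent in [2, P-2] and the matching public value g^x mod p."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive a session key from the shared secret peer_pub^priv mod p."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(PUB_LEN, "big")).digest()


def unauthenticated_session(mitm):
    """Workstation <-> controller exchange with no peer authentication.
    With mitm=True an on-path attacker replaces each side's public value
    with one of their own.  Returns (ws_key, plc_key, attacker_keys)."""
    ws_priv, ws_pub = dh_keypair()
    plc_priv, plc_pub = dh_keypair()
    if not mitm:
        return session_key(ws_priv, plc_pub), session_key(plc_priv, ws_pub), None
    a_priv_ws, a_pub_ws = dh_keypair()     # attacker's value shown to the workstation
    a_priv_plc, a_pub_plc = dh_keypair()   # attacker's value shown to the controller
    ws_key = session_key(ws_priv, a_pub_ws)      # workstation believes it talks to the PLC
    plc_key = session_key(plc_priv, a_pub_plc)   # controller believes it talks to the workstation
    # The attacker completes both exchanges and can decrypt, alter and re-encrypt traffic.
    attacker_keys = (session_key(a_priv_ws, ws_pub), session_key(a_priv_plc, plc_pub))
    return ws_key, plc_key, attacker_keys


def auth_tag(auth_key, role, pub):
    """HMAC binding a public value to the sender's role under a pre-shared key."""
    return hmac.new(auth_key, role + pub.to_bytes(PUB_LEN, "big"), hashlib.sha256).digest()


def authenticated_session(auth_key, mitm):
    """Same exchange, but each public value travels with auth_tag() and the
    receiver rejects the session if the tag does not verify.
    Returns (ws_accepts, plc_accepts, keys_match)."""
    ws_priv, ws_pub = dh_keypair()
    plc_priv, plc_pub = dh_keypair()
    to_plc = (ws_pub, auth_tag(auth_key, b"workstation", ws_pub))
    to_ws = (plc_pub, auth_tag(auth_key, b"controller", plc_pub))
    if mitm:
        # The attacker can substitute values but does not hold auth_key,
        # so the best they can do is tag them under a guessed key.
        a_priv, a_pub = dh_keypair()
        guess = secrets.token_bytes(32)
        to_plc = (a_pub, auth_tag(guess, b"workstation", a_pub))
        to_ws = (a_pub, auth_tag(guess, b"controller", a_pub))
    plc_accepts = hmac.compare_digest(to_plc[1], auth_tag(auth_key, b"workstation", to_plc[0]))
    ws_accepts = hmac.compare_digest(to_ws[1], auth_tag(auth_key, b"controller", to_ws[0]))
    if not (plc_accepts and ws_accepts):
        return ws_accepts, plc_accepts, False
    keys_match = session_key(ws_priv, to_ws[0]) == session_key(plc_priv, to_plc[0])
    return ws_accepts, plc_accepts, keys_match


if __name__ == "__main__":
    ws, plc, atk = unauthenticated_session(mitm=True)
    print("unauthenticated, MitM: peers agree?", ws == plc,
          "attacker holds both keys?", atk == (ws, plc))
    print("authenticated, MitM (ws_accepts, plc_accepts, keys_match):",
          authenticated_session(b"provisioned-key", mitm=True))
```

The point of the second half is that Diffie-Hellman only becomes safe against an on-path attacker when the public values are tied to an identity the receiver can check; a pre-shared key is the simplest trust anchor and a certificate-based signature is the usual alternative. Whatever mechanism the vendor's future firmware adopts has to supply that check, and until it does the only defence is to keep untrusted hosts off the path between workstation and controller.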

Defensive priority

HIGH

Recommended defensive actions

  • Implement network segmentation and deploy firewalls so that TCP port 502 on affected controllers is reachable only from approved engineering workstations; segmentation limits who can reach the controller, but an attacker already on the controller's segment can still attempt the attack, so untrusted hosts must be kept off that segment entirely
  • Configure Access Control Lists (ACLs) on Modicon M340 CPUs following the Modicon M340 Ethernet Communications Modules and Processors User Manual guidance
  • Enable memory protection on M340 CPUs by configuring the input bit to a physical input as described in the Modicon Controller Systems Cybersecurity User Guide
  • Consider deploying external firewall devices such as Belden EAGLE40-07 to establish VPN connections for remote access
  • Monitor connections to TCP port 502 on the controllers and flag sessions from hosts other than the approved engineering workstations, newly seen source addresses, and session establishment outside expected maintenance windows
  • Apply Schneider Electric remediation updates when released for future M340 firmware versions
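One way to act on the monitoring item in the list above, as an added example and not something the advisory or Schneider Electric provide: a Python script that reads flow records, keeps only TCP/502 sessions to the controller addresses, and flags any source that is not an approved engineering workstation, distinguishing hosts inside the OT segment from hosts outside it and marking sources seen for the first time. The addresses, allowlist, segment, record format and log lines are all constructed for illustration.

```python
"""Added example, not from the advisory: review flow records for TCP/502
sessions to M340 controllers that do not originate from the approved
engineering workstations.  Addresses, the allowlist, the segment and the
log lines are constructed for illustration; adapt them to the real inventory."""
import ipaddress

CONTROLLERS = {"10.20.1.10", "10.20.1.11"}      # constructed: M340 CPU addresses
ENGINEERING_WS = {"10.20.5.50"}                  # constructed: approved workstations
OT_NET = ipaddress.ip_network("10.20.0.0/16")    # constructed: the controller segment
MODBUS_PORT = 502

# Constructed flow records: "<timestamp> <src> <dst> <dport> <proto>"
SAMPLE_FLOWS = """\
2024-11-12T08:00:01Z 10.20.5.50 10.20.1.10 502 tcp
2024-11-12T08:00:07Z 10.20.5.50 10.20.1.11 502 tcp
2024-11-12T08:03:19Z 10.20.7.23 10.20.1.10 502 tcp
2024-11-12T08:03:21Z 10.20.7.23 10.20.1.11 502 tcp
2024-11-12T08:04:00Z 10.20.5.50 10.20.1.10 80 tcp
2024-11-12T08:05:42Z 192.168.3.9 10.20.1.10 502 tcp
"""


def parse_flow(line):
    """Split one whitespace-separated flow record into its fields."""
    ts, src, dst, dport, proto = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto.lower()}


def find_unapproved_modbus(log_text, controllers=CONTROLLERS, allowed=ENGINEERING_WS, ot_net=OT_NET):
    """Return one finding per TCP/502 flow to a controller from a host that is
    not an approved workstation.  Each finding says why it was flagged and
    whether that source had not appeared earlier in the same log."""
    findings = []
    seen_sources = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow["dst"] not in controllers or flow["dport"] != MODBUS_PORT or flow["proto"] != "tcp":
            continue
        if flow["src"] in allowed:
            continue
        if ipaddress.ip_address(flow["src"]) in ot_net:
            reason = "source inside OT segment but not an approved engineering workstation"
        else:
            reason = "source outside OT segment"
        findings.append({
            "ts": flow["ts"], "src": flow["src"], "dst": flow["dst"],
            "reason": reason, "first_seen": flow["src"] not in seen_sources,
        })
        seen_sources.add(flow["src"])
    return findings


if __name__ == "__main__":
    for f in find_unapproved_modbus(SAMPLE_FLOWS):
        tag = " (new source)" if f["first_seen"] else ""
        print(f"{f['ts']} {f['src']} -> {f['dst']}:{MODBUS_PORT} {f['reason']}{tag}")
```

On the constructed records the two approved sessions and the port-80 flow are ignored, the two sessions from 10.20.7.23 are flagged as an unapproved host inside the segment, and the session from 192.168.3.9 is flagged as coming from outside the OT segment. A source that is inside the segment but not on the allowlist is the case that matters most for this CVE, since that host is positioned to interpose itself on the workstation-to-controller path.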

Evidence notes

CISA ICS Advisory ICSA-24-326-03, published 2024-11-12, confirms the vulnerability affects Modicon M340 CPU (BMXP34* series, SV3.60 and later). The advisory attributes it to the Diffie-Hellman key exchange's inherent lack of protection against MitM attacks; Diffie-Hellman on its own authenticates neither party, so without an added authentication step the exchange can be intercepted. CVSS 3.1 base score 7.5 (HIGH) with vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. No known public exploitation as of the advisory date. Not listed in CISA KEV.

Official resources

CISA ICS Advisory ICSA-24-326-03 (published 2024-11-12)