Schneider Electric Modicon M241
cpe:2.3:h:schneider-electric:modicon_m241:*:*:*:*:*:*:*, +3 more
- < v5.3.12.48
An unauthenticated attacker who manipulates the web server URL of affected Schneider Electric Modicon controllers (the M241, M251, M258, and LMC058 models) could gain unauthorized access to confidential resources. The vulnerability arises from externally controlled references to resources in another sphere, which potentially allow an unauthenticated read of arbitrary files and a loss of confidential data stored on the controller.
Exploitation of this vulnerability could result in an unauthorized read of arbitrary files, leading to a loss of confidential data stored on the affected controller.
Users of Modicon Controllers M241/M251 should update to version 5.3.12.48. For Modicon Controllers M258 and LMC058, Schneider Electric is developing a remediation plan for future versions that will address this vulnerability. Until then, users should apply recommended mitigations, such as using the controllers in a protected environment, managing user rights and passwords, deactivating the web server when not needed, using encrypted communication links, segmenting networks, and blocking unauthorized access to HTTP and HTTPS ports.