Schneider Electric Modicon M340
cpe:2.3:h:schneider-electric:modicon_m340:*:*:*:*:*:*:*, +2 more
- < 3.60
A denial-of-service vulnerability has been identified in Schneider Electric's Modicon M340 controllers and several communication modules, including the BMXNOR0200H, BMXNGD0100, BMXNOC0401, BMXNOE0100, and BMXNOE0110. This vulnerability arises from improper input validation, allowing a denial-of-service condition when specific crafted FTP commands are sent to the device.
Exploitation of this vulnerability can lead to a denial-of-service condition, causing the affected device to become unavailable.
Users of the Modicon M340 communication modules BMXNOE0100 and BMXNOE0110 should upgrade to versions 3.60 and 6.80, respectively. For the Modicon M340 controller and the communication modules BMXNOR0200H, BMXNGD0100, and BMXNOC0401, Schneider Electric is establishing a remediation plan for future versions. Until then, customers should disable the FTP service when not in use, segment networks to block unauthorized access to FTP ports, and use VPNs for remote access if needed.