Date: 14 January 2022
On 11 January 2022 Schneider Electric published Security Notifications to highlight vulnerabilities in the following products:
- Modicon M340 – multiple models and versions
- Easergy products – multiple models and firmware versions
- ConneXium Tofino Firewall – multiple models and versions
- CODESYS V3 Runtime, Development System and Gateway – multiple products and versions
- EcoStruxure Power Monitoring Expert – version 2020 and prior
Exploitation of these vulnerabilities could result in unauthorized access, arbitrary code execution, denial of service, information disclosure, data modification and credential disclosure.
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.