All news with #schneider electric tag
Tue, August 26, 2025
Schneider Electric Modicon M340: FTP Input Validation Flaw
⚠️ Schneider Electric disclosed an Improper Input Validation vulnerability in Modicon M340 controllers and several communication modules that can be triggered by a specially crafted FTP command. Tracked as CVE-2025-6625 with a CVSS v4 base score of 8.7, the flaw enables a remote denial-of-service with low attack complexity. Schneider released firmware fixes for the BMXNOE0100 (v3.60) and BMXNOE0110 (v6.80) modules, which require device reboot; remediation for other affected products is planned. CISA recommends disabling FTP when not needed, blocking or segmenting port 21, using VPNs for remote access, applying vendor updates where available, and following ICS hardening and risk-assessment practices before making changes.
Tue, August 26, 2025
CISA Issues Three Industrial Control Systems Advisories
🔔 CISA released three Industrial Control Systems advisories on August 26, 2025, detailing vulnerabilities and mitigations for INVT VT‑Designer and HMITool, Schneider Electric Modicon M340 controllers and modules, and an updated advisory for Danfoss AK‑SM 8xxA Series. The alerts provide technical details, risk assessments, and recommended mitigations. Administrators and asset owners should review the advisories and apply vendor guidance promptly.