Developers: | Schneider Electric Global |
Last Release Date: | 2016/12/12 |
Branches: | Light industry, Logistics and distribution, Mechanical engineering and instrumentation, Food industry |
Content |
Modicon is a line of programmable logic controllers (PLCs) widely used in various fields of industry as well as infrastructure.
2023: Discovery of a number of serious vulnerabilities in management systems
In mid-February 2023, researchers at Forescout announced the discovery of a number of serious vulnerabilities in Schneider Electric production process management systems.
We are talking about two critical vulnerabilities in some operating technological system controllers manufactured by the digital automation giant Schneider Electric. The presence of vulnerabilities in equipment, according to Forescout, at critical production facilities increases the risk of process continuity, accidents, fraud and other unpleasant consequences.
Developers at Schneider Electric asked Forescout researchers to refrain from including the two bugs in the ICEFALL list to be able to work with customers to fix the problems before they are made public. Two vulnerabilities, CVE-2022-45788 and CVE-2022-45789, affect Schneider Electric's Unity line of Modicon Programmable Logic Controllers (PLCs). Schneider PLCs operate for 2023 in systems such as water and wastewater treatment systems, mining, power, etc.
The prevalence of vulnerabilities in Schneider Electric products was identified during a basic search that Forescout performed on the Shodan Internet scanning tool. The search showed dozens of devices connected to the PLC network, despite the fact that information security experts do not recommend connecting them to the Internet. Researchers at Forescout found that France 33%, Spain 17%, Italy 15% and the US 6% are the countries with the most vulnerable devices. After requesting all relevant Modicon Unity models from Shodan, the researchers found more than 1,000 unprotected PLCs.
In a statement to The Record, a Schneider Electric spokesman said that the company worked closely with specialists from Forescout throughout the investigation process. Researchers at Forescout reported that they uncovered critical holes in the CVE-2022-45788 and CVE-2022-45789 back in April 2022.[1]
2017
InfoWatch ASAP Compatibility
The Group of Companies (GC), InfoWatch a Russian developer of solutions for providing information security organizations, and an industrial automation company Schneider Electric on November 15, 2017 announced the completion of joint tests of the software and hardware complex (PAC) for the protection of automated process control systems () (APCS InfoWatch Automation System Advanced Protector InfoWatch ASAP) on industrial automation equipment Schneider Electric Modicon series. More. here
Localization of production of Modicon M340 and Modicon X80 in Russia
On October 11, 2017, Schneider Electric announced the localization of the production of Modicon M340 programmable logic controllers, as well as the Modicon X80 I/O platform at its SHEZEM plant (Schneider Electric Plant ElectroMonoblock) in Kommunar, Leningrad Region.
The products produced at the enterprise have a distinctive RU prefix at the end of the serial number, are equipped with a product passport and the necessary certificates, as well as the marking "Made in Russia."
According to Schneider Electric, the technical and operational characteristics of localized modules are completely identical to the properties of products manufactured at the factory in France. All warranty and service obligations, as well as commercial conditions for the purchase of products remained unchanged, while the time of manufacture and delivery of the most demanded modules decreased significantly, while their price did not increase.
The Modicon X80 I/O platform is fully compatible with the high-tech PLC series Modicon - M580. This will allow domestic users to create solutions for APCS of any complexity using mainly Russian components.
Modicon M258 for medium automation tasks
As of January 30, 2017, Modicon M258 is a programmable controller for solving medium automation problems: controlling packing and packaging machines using coordinate movements, transporting and storing, performing counting, speed control and data exchange functions.
The M258 controller has improved performance using a Dual-Core processor. This allows the controller to process up to 2,400 discrete I/O channels and exchange data over field buses without losing performance. Each controller contains a built-in Ethernet port, RS-485/RS-232, one USB-A port for transferring a program or firmware, USB-mini port for programming; additionally can be equipped with communication modules RS-485/RS-232 and Profibus DP V1 slave.
The line of M258 controllers includes base blocks that differ in the number and type of I/O channels, the presence of an integrated CANopen port and free PCI buses for additional communication modules. The base unit may comprise 42 or 66 discrete I/O channels, 4 analog input channels. All M258 controllers are powered by 24 V DC. The M258 controllers can additionally be equipped with expansion modules:
- compact expansion modules of discrete inputs/outputs;
- discrete, analog I/O expansion section modules;
- sectional counting modules;
- section modules of general distribution, power distribution modules;
- bus expansion section modules.
Compact discrete I/O expansion modules are an assembly of several sectional modules. The density of discrete channels per section module may be 2, 4, 6, 8 or 12; compact available with 20, 18 + 6 analog, 36 and 42 channels per assembly.
Sectional counting modules allow to connect up to two extendable encoders per module with maximum pulse frequency up to 100 kHz.
Bus expansion section modules are designed to create remote I/O using only the built-in capabilities of the bus TM5 M258 controller. The maximum distance between neighboring islands is limited to 100 meters, the maximum number of islands is 25, in total the total tire length can reach 2500 m.
The common distribution section modules make the connection of sensors and actuators more flexible by providing additional terminals with zero contacts or 24 V post applied. current.