Schneider Electric Modicon Network Managed Switches Vulnerability
Schneider Electric is aware of a RADIUS protocol vulnerability, identified as CVE-2024-3596, affecting its Modicon Network Managed Switch product. Failure to apply the mitigation provided may expose the product to forgery attacks against the RADIUS protocol. These attacks could result in modification of any valid response (Access-Accept, Access-Reject, or Access-Challenge) to any other response, potentially leading to denial of service and loss of confidentiality and integrity of the devices connected to the switch.
The Modicon Network Managed Switch product provides connectivity for multiple Ethernet devices, network management, and enhanced cybersecurity. This vulnerability impacts Critical Infrastructure Sectors worldwide, including:
- Commercial Facilities
- Energy
- Food and Agriculture
- Government Services and Facilities
- Transportation Systems
- Water and Wastewater
The following versions of Schneider Electric Modicon Network Managed Switches are affected:
- Connexium Managed Switches All Versions
- Modicon Managed Switches All Versions
- Modicon Redundancy Switches All Versions
The default RADIUS configuration is not vulnerable. However, if the RADIUS Server Message Authenticator option is disabled, the product becomes vulnerable. This vulnerability is categorized under CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel. Schneider Electric CPCERT reported this vulnerability to CISA. The initial release date for this advisory was 2026-04-14.
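What the Message Authenticator check enforces on a RADIUS response, as an added Python example (not Schneider Electric's code). It assumes the option corresponds to the Message-Authenticator attribute of RFC 3579, an HMAC-MD5 over the packet keyed with the shared secret; the secret, Request Authenticator and packets are constructed sample values.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 3579, section 3.2)

def build_response(code, ident, request_auth, attrs, secret, signed=True):
    """Build a constructed RADIUS response; `signed` adds Message-Authenticator."""
    if signed:
        attrs = bytes([MSG_AUTH, 18]) + bytes(16) + attrs  # placeholder of zeros
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    if signed:
        # HMAC-MD5 over the packet with the Request Authenticator in the header
        mac = hmac.new(secret, header + request_auth + attrs, hashlib.md5).digest()
        attrs = attrs[:2] + mac + attrs[18:]
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs

def verify_response(packet, request_auth, secret):
    """True only if exactly one Message-Authenticator is present and valid."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        return False
    packet, pos, found = packet[:length], 20, None
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return False  # malformed attribute list
        if atype == MSG_AUTH:
            if alen != 18 or found is not None:
                return False
            found = pos + 2  # offset of the 16-byte value
        pos += alen
    if found is None or pos != length:
        return False  # unsigned responses are rejected, not waved through
    zeroed = packet[:4] + request_auth + packet[20:found] + bytes(16) + packet[found + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[found:found + 16])

if __name__ == "__main__":
    secret, req_auth = b"constructed-shared-secret", bytes(range(16))  # constructed values
    reply = bytes([18, 4]) + b"ok"  # Reply-Message attribute
    accept = build_response(2, 7, req_auth, reply, secret)
    print(verify_response(accept, req_auth, secret))                   # signed Access-Accept
    print(verify_response(bytes([3]) + accept[1:], req_auth, secret))  # code byte altered
    print(verify_response(build_response(2, 7, req_auth, reply, secret, signed=False), req_auth, secret))
```

A receiver that skips this check accepts the unsigned response in the last line, which is the state the advisory describes when the option is disabled.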
Mitigation Steps
To mitigate this vulnerability, we advise keeping the RADIUS Server Message Authenticator parameter in its default (enabled) state. This parameter can be configured via CLI and SNMP:
- TCSESM: CLI command is radius server msgauth and MIB is hmAgentRadiusServerMsgAuth
- MCSESM and MCSESP: CLI command is radius server auth modify msgauth and MIB is hm2AgentRadiusServerMsgAuth
- MCSESR: CLI command is radius server auth modify msgauth and MIB is hm2AgentRadiusServerMsgAuth
Schneider Electric also strongly recommends locating control and safety system networks and remote devices behind firewalls and isolating them from the business network.
Additionally, CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities. Organizations should minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize that a VPN is only as secure as its connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.