Serial number: AV25-024
Date: January 15, 2025
On January 14, 2025, Schneider Electric published advisories to address vulnerabilities in the following products:
- BMENOR2200H – all versions
- BMXNOE0100 – all versions
- BMXNOE0110 – all versions
- BMXNOR0200H – versions prior to SV1.70IR2
- EVLink Pro AC – versions prior to v1.3.10
- EcoStruxure – multiple models and versions
- Modicon M340 processors – multiple models and versions
- Modicon M580 communication modules BMENOC – BMENOC0321 versions prior to SV1.10
- Modicon M580 communication modules BMECRA – BMECRA31210 all versions
- Modicon M580/Quantum communication modules BMXCRA – BMXCRA31200 All versions, BMXCRA31210 All versions
- Modicon Quantum communication modules 140CRA – 140CRA31200 all versions, 140CRA31908 All versions
- Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) – versions prior to SV4.30
- Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) – versions prior to SV4.21
- PowerLogic HDPM6000 – version v0.62.7 and prior
- Pro-face GP-Pro EX – all versions
- Pro-face Remote HMI – all versions
- RemoteConnect and SCADAPackTM x70 Utilities – all versions
- Revenera FlexNet Publisher – multiple models and versions
- Vijeo Designer – versions prior to V6.3SP1 HF1
- Web Designer – multiple models and versions
- Zelio Soft 2 – all versions
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.