PT-2013-1301 · Schneider Electric · M340+4

Published: 2013-04-04 · Updated: 2013-04-04 · CVE-2013-0664

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Schneider Electric Ethernet communication modules that run the FactoryCast service: Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103. These identifiers are module part numbers, not firmware versions.
Description: The FactoryCast service on the listed modules does not sufficiently validate Modbus messages that arrive embedded in SOAP HTTP POST requests. A remote attacker who can authenticate to the web service can use such a request to execute arbitrary code on the module. The vulnerable component is the FactoryCast service itself, which the affected Quantum, M340 and Premium modules all run; the flaw is not specific to the Modicon M340 even though that is the product most often named.
Recommendations: The mitigation is the same for every affected module (Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, Premium TSXETY5103). Disable the FactoryCast service until a patch is available. Where it must stay enabled, restrict network access to the module's HTTP interface to an allow-listed set of engineering hosts, so that SOAP HTTP POST requests carrying Modbus messages cannot reach it from elsewhere, and keep the set of accounts that can authenticate to the web service as small as possible, since exploitation requires valid credentials. As a temporary workaround, where a firewall or proxy sits in front of the module, block or strictly validate SOAP requests that embed Modbus messages until a patch is available.
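The workaround above, validating Modbus messages carried in SOAP POSTs before they reach the module, as an added example written for this page (it is not FactoryCast code, and the page does not document the real SOAP schema). It assumes a constructed envelope in which a `<ModbusFrame>` element carries the hex-encoded Modbus/TCP ADU, an assumed endpoint path `/ws/modbus` on host `192.0.2.10`, and a site policy that only read functions (0x01 to 0x04) are permitted; the sample requests are constructed. The check that matters is that the MBAP length field is never trusted but compared against the bytes actually received, which is the class of input validation the advisory says is missing.

```python
"""Screen HTTP POSTs to a PLC web service for Modbus frames embedded in SOAP bodies.

Added example, not FactoryCast code. The <ModbusFrame> element, the /ws/modbus
path, the host 192.0.2.10 and the read-only function allow-list are assumptions.
"""
import struct
import xml.etree.ElementTree as ET  # for untrusted XML in production prefer defusedxml
from typing import Optional, Tuple

MBAP_LEN = 7                       # transaction id(2) + protocol id(2) + length(2) + unit id(1)
MAX_ADU_LEN = 260                  # largest legal Modbus/TCP ADU
ALLOWED_FUNCTIONS = {1, 2, 3, 4}   # read coils/inputs/registers only (assumed site policy)
MAX_QUANTITY = {1: 2000, 2: 2000, 3: 125, 4: 125}  # per-function quantity limits from the spec


def validate_modbus_frame(frame: bytes) -> Tuple[bool, str]:
    """Strict structural validation of a Modbus/TCP ADU; the length field is checked, not trusted."""
    if len(frame) < MBAP_LEN + 5:
        return False, "frame shorter than MBAP header plus a minimal read PDU"
    if len(frame) > MAX_ADU_LEN:
        return False, f"frame of {len(frame)} bytes exceeds Modbus/TCP maximum"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        return False, f"protocol id {proto} is not Modbus"
    # MBAP length counts the unit id plus the PDU, i.e. everything after the first 6 bytes
    if length != len(frame) - 6:
        return False, f"declared length {length} != actual {len(frame) - 6}"
    pdu = frame[MBAP_LEN:]
    fc = pdu[0]
    if fc not in ALLOWED_FUNCTIONS:
        return False, f"function code 0x{fc:02x} not permitted"
    if len(pdu) != 5:                      # fc + start address(2) + quantity(2)
        return False, f"read request PDU must be 5 bytes, got {len(pdu)}"
    _start, qty = struct.unpack(">HH", pdu[1:5])
    if not 1 <= qty <= MAX_QUANTITY[fc]:
        return False, f"quantity {qty} out of range for function {fc}"
    return True, "ok"


def extract_modbus_from_soap(body: bytes) -> Optional[bytes]:
    """Return the hex-decoded ADU from the (assumed) <ModbusFrame> element, or None if absent.

    Raises ET.ParseError on malformed XML and ValueError on non-hex content.
    """
    root = ET.fromstring(body)
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == "ModbusFrame":   # ignore any namespace prefix
            return bytes.fromhex((el.text or "").strip())
    return None


def screen_request(raw: bytes) -> Tuple[str, str]:
    """Classify one raw HTTP request as ('ignore' | 'allow' | 'deny', reason)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method = lines[0].split(b" ")[0].upper()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    is_soap = b"soapaction" in headers or b"xml" in headers.get(b"content-type", b"").lower()
    if method != b"POST" or not is_soap:
        return "ignore", "not a SOAP POST"
    try:
        frame = extract_modbus_from_soap(body)
    except (ET.ParseError, ValueError) as exc:
        return "deny", f"malformed SOAP/Modbus payload: {exc}"
    if frame is None:
        return "ignore", "SOAP POST carries no Modbus frame"
    ok, why = validate_modbus_frame(frame)
    return ("allow" if ok else "deny"), why


def soap_post(frame_hex: str) -> bytes:
    """Build a constructed SOAP POST wrapping a hex Modbus ADU (assumed schema and path)."""
    body = (
        '<?xml version="1.0"?>'
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        "<soap:Body><ModbusFrame>" + frame_hex + "</ModbusFrame></soap:Body>"
        "</soap:Envelope>"
    ).encode()
    return (
        b"POST /ws/modbus HTTP/1.1\r\nHost: 192.0.2.10\r\n"
        b"Content-Type: text/xml; charset=utf-8\r\nSOAPAction: \"Modbus\"\r\n"
        b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body
    )


# Constructed samples: a well-formed read of 10 holding registers, a frame whose MBAP
# length field overstates the payload (what a parser that trusts the declared length
# would act on), a write that policy forbids, and an unrelated GET.
SAMPLES = {
    "read_10_regs": soap_post("000100000006" "01" "03" "0000" "000a"),
    "length_lie":   soap_post("0001000000ff" "01" "03" "0000" "000a"),
    "write_coil":   soap_post("000100000006" "01" "05" "0000" "ff00"),
    "plain_get":    b"GET /index.htm HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14s} -> {screen_request(raw)}")
```

Deploying this in an in-line proxy only narrows the attack surface to authenticated users sending structurally valid read requests; it does not remove the flaw on the module, so it complements, rather than replaces, disabling FactoryCast or restricting who can reach the HTTP interface.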

Fix

RCE


Weakness Enumeration

Related identifiers

BDU:2015-11597
CVE-2013-0664

Affected products

Factorycast
M340
Modicon M340
Premium
Schneider Electric Quantum