A CVSS v2 base score of 9.3 has been assigned the CVSS vector string is (AV:N/AC:M/Au:N/C:C/I:C/A:C). This vulnerability can be remotely exploited. No known public exploits specifically target this vulnerability. Schneider Electric has released a security notification with further information on this vulnerability and how to mitigate it: DIFFICULTYĪn attacker with a high skill would be able to exploit this vulnerability. Schneider Electric recommends that products that use this driver be updated with the latest version of software. New versions of OFS V3.5 and Unity Pro V8 include the updated ModbusDriverSuite.įor the other products listed above, the updated ModbusDriverSuite will be implemented with each new version of those software products.
TWIDOSUITE V2.31.4 SERIALĪsset owners concerned about the Modbus Serial Driver used for those applications, please contact Schneider Electric Technical Support at: TWIDOSUITE V2.31.4 PRO Until this software can be updated in the vulnerable devices, Schneider Electric recommends a defense-in-depth strategy, which includes locating the PLCs and devices running the vulnerable software behind firewalls configured to limit access to authorized personnel and protocols.