Critical RADIUS Vulnerability Affects Schneider Electric Modicon Switches
Schneider Electric's Modicon Network Managed Switches are vulnerable to a critical flaw in the RADIUS protocol, potentially allowing attackers to disrupt network services and compromise data.
Schneider Electric has disclosed a critical vulnerability, identified as CVE-2024-3596, affecting its Modicon Network Managed Switches. This flaw resides within the RADIUS protocol implementation and poses a significant risk to industrial control systems and critical infrastructure that rely on these devices for network connectivity and management.
The vulnerability arises from an improper enforcement of message integrity during transmission in the communication channel. Specifically, if the RADIUS Server Message Authenticator option is disabled on the affected switches, attackers can forge RADIUS responses. This forgery could lead to a variety of malicious outcomes, including the modification of legitimate RADIUS responses, ultimately resulting in denial of service (DoS) conditions and the loss of confidentiality and integrity for devices connected to the compromised switch.
All versions of Schneider Electric's Connexium, Modicon, and Modicon Redundancy Managed Switches are impacted by this vulnerability. These switches are integral components in numerous industrial environments, providing essential network infrastructure for operational technology (OT) systems across sectors such as commercial facilities, energy, food and agriculture, government services, transportation, and water and wastewater management. The widespread deployment of these products globally underscores the potential scale of this threat.
The Common Vulnerability Scoring System (CVSS) v3.1 base score for CVE-2024-3596 is a critical 9.0, with a vector string of AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. This high score reflects the potential for network-based attackers with low privileges to exploit the vulnerability under specific conditions, leading to significant impacts on confidentiality, integrity, and availability.
Schneider Electric has provided a clear mitigation strategy: ensuring the RADIUS Server Message Authenticator option remains enabled. This parameter is enabled by default in the product's configuration and can be managed via Command Line Interface (CLI) or Simple Network Management Protocol (SNMP). By keeping this authenticator active, the risk of attackers forging RADIUS responses is effectively neutralized.
While a patch is not explicitly mentioned, the recommended mitigation focuses on configuration management, suggesting that affected organizations can protect themselves by verifying and maintaining the default security settings. Schneider Electric advises customers to consult their local representatives or the company's Industrial Cybersecurity Services for further assistance and guidance on implementing the necessary security measures.
This advisory serves as a crucial reminder for organizations operating critical infrastructure to regularly review and secure their network devices, particularly those involved in authentication processes. The vulnerability highlights the ongoing importance of robust security practices within industrial environments, including network segmentation, access control, and diligent configuration management, to protect against sophisticated cyber threats.