
Schneider Electric Modicon M340 Vulnerability Advisory

August 26, 2025 • César Daniel Barreto

Warning: Schneider Electric has published a critical advisory for its Modicon M340 controllers. The flaw, CVE-2025-6625, carries a base score of around 8.7. Attackers can exploit it by sending malformed FTP commands, with no authentication or user action required. Nearly every M340 controller and several communication modules are affected, so it’s a widespread issue.

Here’s what’s going on: the FTP service doesn’t properly validate incoming commands. As a result, attackers can crash controllers, halting production or taking critical systems dark. The attack is network-based and low in complexity, meaning anyone who can reach port 21 could hit you where it hurts.

Schneider has patches ready for BMXNOE0100 (firmware 3.60) and BMXNOE0110 (firmware 6.80), and yes, reboots are a must. Unfortunately, fixes for most M340 controllers and other modules have yet to arrive. Best to disable FTP if it isn’t needed (it’s often off anyway) and segment networks; keep these devices off the internet at all costs.
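The triage described above can be run over an asset inventory. The following is an added example, not Schneider Electric tooling or code from the advisory: it pairs each device's model and firmware with a plain TCP connect to port 21 and returns the recommended action. The inventory rows, host addresses and the `M340-CPU-PLACEHOLDER` model name are constructed, and the dotted-integer firmware format is an assumption.

```python
import csv
import io
import socket

# Fixed firmware per module, as stated in the article. Models not listed have no fix yet.
FIXED = {"BMXNOE0100": "3.60", "BMXNOE0110": "6.80"}

# Constructed sample inventory: hosts, firmware values and the CPU name are placeholders.
SAMPLE_INVENTORY = """host,model,firmware
192.0.2.10,BMXNOE0100,3.50
192.0.2.11,BMXNOE0110,6.80
192.0.2.12,M340-CPU-PLACEHOLDER,3.40
"""

def ver(text):
    """Assumption: firmware strings are dotted integers, so '3.60' -> (3, 60)."""
    return tuple(int(part) for part in text.strip().split("."))

def ftp_reachable(host, port=21, timeout=1.0):
    """TCP connect only; no FTP commands are sent to the device."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(model, firmware, ftp_open):
    """Map one asset to the action the article recommends."""
    fixed = FIXED.get(model)
    if fixed and ver(firmware) >= ver(fixed):
        return "patched"
    if fixed:
        action = f"update to {fixed} and reboot"
        return action + ("; disable or block FTP until updated" if ftp_open else "")
    if ftp_open:
        return "no fix available: disable FTP and segment the network"
    return "no fix available: keep FTP off and the device segmented"

def report(inventory_csv, probe=ftp_reachable):
    """Return (host, model, action) per row; probe is injectable for offline use."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], r["model"], triage(r["model"], r["firmware"], probe(r["host"])))
            for r in rows]

if __name__ == "__main__":
    for host, model, action in report(SAMPLE_INVENTORY):
        print(f"{host:<12} {model:<22} {action}")
```

Run it from the network segment whose access you want to verify: a device that answers on port 21 from the IT or office side shows that segmentation is not doing its job.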

Credit for the discovery goes to CyManII, which reported it responsibly. Thankfully, no active exploitation has been spotted yet. With vulnerabilities like this in operational tech, it’s not if but when someone weaponizes it, so just ensure your systems are bulletproof against a few well-aimed packets.
