Schneider Electric Modicon Switches RADIUS Protocol Vulnerability (CVE-2024-3596)
Schneider Electric has disclosed a critical RADIUS protocol vulnerability affecting its Modicon Network Managed Switch product line. When the RADIUS Server Message Authenticator option is disabled from its secure default state, attackers can forge authentication responses leading to potential denial of service and compromise of connected devices. The vulnerability affects all versions of Connexium, Modicon, and Modicon Redundancy managed switches deployed globally.
Why it matters in Western Canada: Energy and industrial facilities across Western Canada that use Schneider Electric network switches for critical infrastructure operations face authentication bypass risks if RADIUS message authentication is disabled. Healthcare, municipal, and post-secondary institutions relying on these switches for network access control should verify their configurations.
CVEs: CVE-2024-3596
Summary generated from the original advisory. Read the full source: cisa-advisories
- Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-160-01
- CVEs: CVE-2024-3596
- Tags: radius-protocol, network-switches, schneider-electric, authentication-bypass, industrial-control
- Provenance: mask2-ti-pipeline (AI-assisted, human-reviewable)