vuln-advisory · regulator · News · The Broadside

CISA flags critical RADIUS flaw in Modicon switches

The default setting is safe; the risk starts when operators have disabled Message Authenticator and forgotten the exception exists.


TL;DR

CISA published ICSA-26-160-01 for CVE-2024-3596, a CVSS 9.0 RADIUS protocol forgery flaw affecting all Connexium, Modicon and Modicon Redundancy managed switches. Defense-industrial-base contractors and critical-infrastructure operators using RADIUS should verify that Server Message Authenticator remains enabled. The advisory points to CLI or SNMP configuration checks, not a firmware version.

CISA’s advisory is a configuration check with a critical score attached. Schneider Electric says the default RADIUS configuration on Modicon Network Managed Switches is not vulnerable, but disabling the RADIUS Server Message Authenticator option exposes the products to forgery attacks that can modify valid Access-Accept, Access-Reject or Access-Challenge responses. For operators, the Monday task is narrow: inventory Connexium, Modicon and Modicon Redundancy managed switches using RADIUS, confirm Message Authenticator is enabled through the listed CLI or SNMP settings, and treat any disabled setting as an exception requiring remediation.
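To make concrete what the Message Authenticator setting actually buys, here is an added Python model of the two checks a RADIUS client such as a switch can apply to an Access-Accept or Access-Reject. It is not code from CISA, Schneider Electric or the product, and it does not reproduce the MD5 collision behind CVE-2024-3596; it shows the protocol arithmetic from RFC 2865 (Response Authenticator, an MD5 digest keyed only by concatenating the secret) and RFC 2869 section 5.14 (Message-Authenticator, an HMAC-MD5 under the shared secret), and why a client that does not require the attribute accepts a response that carries only the weaker check. The shared secret, Request Authenticator, identifier and attribute values are constructed for the example; `require_ma` is a hypothetical stand-in for the switch's Server Message Authenticator option.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes and attribute types (RFC 2865 / RFC 2869)
ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
ATTR_USER_NAME, ATTR_REPLY_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 18, 80
HEADER_LEN = 20   # code(1) + identifier(1) + length(2) + authenticator(16)
MA_ATTR_LEN = 18  # type(1) + length(1) + 16-byte HMAC-MD5


def encode_attrs(attrs):
    """Serialise [(type, value), ...] as RADIUS TLVs."""
    out = b""
    for t, v in attrs:
        if len(v) > 253:
            raise ValueError("attribute value too long")
        out += bytes([t, len(v) + 2]) + v
    return out


def parse_attrs(body):
    """Return [(type, offset_in_body, value), ...]; reject malformed TLVs."""
    attrs, i = [], 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated attribute header")
        t, length = body[i], body[i + 1]
        if length < 2 or i + length > len(body):
            raise ValueError("bad attribute length")
        attrs.append((t, i, body[i + 2:i + length]))
        i += length
    return attrs


def build_response(code, ident, request_auth, attrs, secret, with_ma=True):
    """Server side: build a response, optionally carrying Message-Authenticator."""
    body = encode_attrs(attrs)
    if with_ma:
        header = struct.pack("!BBH", code, ident, HEADER_LEN + len(body) + MA_ATTR_LEN)
        placeholder = bytes([ATTR_MESSAGE_AUTHENTICATOR, MA_ATTR_LEN]) + bytes(16)
        # RFC 2869 5.14: HMAC-MD5 over the packet with the Request Authenticator in the
        # authenticator field and the Message-Authenticator value set to sixteen zero octets.
        mac = hmac.new(secret, header + request_auth + body + placeholder, hashlib.md5).digest()
        body += bytes([ATTR_MESSAGE_AUTHENTICATOR, MA_ATTR_LEN]) + mac
    else:
        header = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    # RFC 2865 3: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body


def verify_response(packet, request_auth, secret, require_ma):
    """Client (switch) side. require_ma models the 'require Message-Authenticator'
    switch setting. Returns (accepted, reason)."""
    if len(packet) < HEADER_LEN:
        return False, "short packet"
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet):
        return False, "length mismatch"
    header, resp_auth, body = packet[:4], packet[4:HEADER_LEN], packet[HEADER_LEN:]
    expected = hashlib.md5(header + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, resp_auth):
        return False, "bad Response Authenticator"
    try:
        attrs = parse_attrs(body)
    except ValueError as exc:
        return False, str(exc)
    mas = [(off, v) for t, off, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not mas:
        if require_ma:
            return False, "Message-Authenticator missing"
        return True, "accepted on Response Authenticator alone"
    if len(mas) != 1 or len(mas[0][1]) != 16:
        return False, "malformed Message-Authenticator"
    off, mac = mas[0]
    zeroed = body[:off + 2] + bytes(16) + body[off + MA_ATTR_LEN:]
    expected_mac = hmac.new(secret, header + request_auth + zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected_mac, mac):
        return False, "bad Message-Authenticator"
    return True, "accepted with Message-Authenticator"


def demo():
    """Constructed scenario: secret, Request Authenticator and attributes are made up."""
    secret = b"constructed-shared-secret"
    request_auth = bytes(range(16))  # the switch keeps what it sent in the Access-Request
    attrs = [(ATTR_USER_NAME, b"operator"), (ATTR_REPLY_MESSAGE, b"ok")]
    good = build_response(ACCESS_ACCEPT, 7, request_auth, attrs, secret, with_ma=True)
    no_ma = build_response(ACCESS_ACCEPT, 7, request_auth, attrs, secret, with_ma=False)
    # Naive tamper: flip a Reject to an Accept without being able to recompute either digest.
    reject = build_response(ACCESS_REJECT, 7, request_auth, attrs, secret, with_ma=True)
    tampered = bytes([ACCESS_ACCEPT]) + reject[1:]
    results = {}
    for name, pkt in (("good", good), ("no_ma", no_ma), ("tampered", tampered)):
        for mode, req in (("strict", True), ("legacy", False)):
            results[(name, mode)] = verify_response(pkt, request_auth, secret, req)[0]
    return results


if __name__ == "__main__":
    for key, accepted in sorted(demo().items()):
        print(key, "accepted" if accepted else "rejected")
```

The `no_ma` row is the one the advisory is about: a response with a correct Response Authenticator but no Message-Authenticator is accepted by the legacy check and refused by the strict one. The naive tamper fails both checks, which is exactly why the real attack goes after the MD5 Response Authenticator instead; the HMAC keyed by the shared secret is what an on-path attacker cannot reproduce, so the strict check is the one operators should confirm is in force. The example is a protocol model, not the switch's own verifier; the authoritative check on the products is the CLI or SNMP setting the advisory lists.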


Published ·Deep Fathom