Schneider Electric Modicon

Plan PatchCVSS 9.8ICS-CERT ICSA-24-352-04Dec 10, 2024

Schneider ElectricEnergyManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A flaw in input validation in Schneider Electric Modicon M241/M251/M258/LMC058 programmable logic controllers allows an attacker to send a specially crafted network message that causes denial of service or partial corruption of controller integrity. This could disrupt factory automation or energy distribution operations. Fixes are available for M241/M251 (firmware 5.2.11.29) and M258/LMC058 (firmware 5.0.4.19).

What this means

What could happen

An attacker with network access to the controller could cause denial of service or corrupt the controller's integrity, potentially disrupting manufacturing or energy distribution processes.

Who's at risk

Energy utilities and manufacturing plants using Schneider Electric Modicon M241, M251, M258, or LMC058 programmable logic controllers should prioritize patching. These are core PLC devices controlling production processes or power systems; vulnerable units are remotely reachable if network-exposed.

How it could be exploited

An attacker sends a specially crafted network message to the Modicon controller (port 502 or related ICS protocol port). The input validation flaw in the controller firmware allows the malicious message to corrupt the controller's internal state or crash the service, halting PLC operations.

Prerequisites

Network access to the Modicon controller on port 502 or industrial protocol port
No authentication required

remotely exploitableno authentication requiredaffects critical control logiclow complexity

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

Modicon Controllers M241<5.2.11.295.2.11.29

Modicon Controllers M251<5.2.11.295.2.11.29

Modicon Controllers M258<5.0.4.195.0.4.19

Modicon Controllers LMC058<5.0.4.195.0.4.19

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict network access to Modicon controllers to only authorized engineering workstations and SCADA systems using firewall rules or network segmentation

HARDENINGDisable direct internet-facing access to Modicon controllers; ensure they are only reachable from internal plant networks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Modicon M241 and M251 controllers to firmware version 5.2.11.29 or later using EcoStruxure Machine Expert Software Update (SESU) application and reboot

HOTFIXUpdate Modicon M258 and LMC058 controllers to firmware version 5.0.4.19 or later using Controller Assistant from EcoStruxure Machine Expert and reboot

CVEs (1)

CVE-2024-11737

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/3ce75c32-703f-4a29-8663-4f0622325396

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.