Schneider Electric Modicon

Act Now9.8ICS-CERT ICSA-24-352-04Dec 10, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A vulnerability in Schneider Electric Modicon M241, M251, M258, and LMC058 controllers allows an attacker to send a malformed input that bypasses validation, causing denial of service and partial loss of controller integrity. This could disrupt operations of equipment controlled by these PLCs. Fixes are available: Modicon M241/M251 firmware 5.2.11.29 and Modicon M258/LMC058 firmware 5.0.4.19. Updates must be applied using EcoStruxure Machine Expert and Controller Assistant, followed by a reboot.

What this means

What could happen

An attacker could send a malformed message to a Modicon PLC over the network, causing it to stop responding or lose control of the equipment it manages, disrupting critical process operations like motor control, pressure regulation, or production sequencing.

Who's at risk

Energy and manufacturing facilities operating Schneider Electric Modicon M241, M251, M258, or LMC058 PLCs should prioritize this update. These controllers are commonly used for machine automation, process control, and critical infrastructure operations where unexpected shutdowns cause production loss or safety concerns.

How it could be exploited

An attacker with network access to the controller sends a specially crafted input that bypasses input validation, causing the PLC to either crash or lose partial operational integrity. No authentication is required.

Prerequisites

Network access to the Modicon controller's Ethernet port
No authentication credentials required

remotely exploitableno authentication requiredlow complexityaffects critical control systemshigh CVSS score (9.8)

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

Modicon Controllers M241<5.2.11.295.2.11.29

Modicon Controllers M251<5.2.11.295.2.11.29

Modicon Controllers M258<5.0.4.195.0.4.19

Modicon Controllers LMC058<5.0.4.195.0.4.19

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDUse firewall rules to limit access to the controller to only authorized management workstations and engineering networks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Modicon M241/M251 firmware to version 5.2.11.29 or later using EcoStruxure Machine Expert and Controller Assistant, then reboot

HOTFIXUpdate Modicon M258/LMC058 firmware to version 5.0.4.19 or later using EcoStruxure Machine Expert and Controller Assistant, then reboot

Long-term hardening

0/1

HARDENINGImplement network segmentation to restrict direct network access to the Modicon controllers from untrusted sources

CVEs (1)

CVE-2024-11737

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/3ce75c32-703f-4a29-8663-4f0622325396