OTPulse

Schneider Electric EcoStruxure Power Monitoring Expert (PME) (Update A)

Plan Patch | 7.5 | ICS-CERT ICSA-25-035-04 | Jan 14, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Schneider Electric Modicon M580 PLCs, BMENOR2200H RTU communication module, and EVLink Pro AC charging station are affected by a buffer overflow vulnerability (CWE-131) that could cause denial-of-service. The vulnerability allows an attacker to send specially crafted network packets that exceed expected buffer boundaries, causing the affected device to crash or become unresponsive.

What this means
What could happen
An attacker could crash the Modicon M580 PLC or communication module, causing temporary loss of industrial process control and monitoring. This could interrupt power generation, distribution, or manufacturing operations until the device restarts.
Who's at risk
This affects energy utilities and manufacturers that use Schneider Electric Modicon M580 programmable automation controllers (PACs) for industrial process control and monitoring. Organizations operating BMENOR2200H RTU communication modules or EVLink Pro AC EV charging stations are also at risk. Impact is most significant for critical infrastructure operators in power generation and distribution.
How it could be exploited
An attacker with network access to the device could send a malformed message or packet to the Modicon M580, BMENOR2200H, or EVLink Pro AC that exceeds the buffer size the software expects, triggering a denial-of-service condition that stops the device from responding to legitimate commands.
Prerequisites
  • Network access to the Modicon M580 CPU, BMENOR2200H module, or EVLink Pro AC device (e.g., on the same network segment or reachable via WAN)
  • Ability to craft and send network packets to the vulnerable service port
Tags: remotely exploitable, no authentication required, low complexity, denial-of-service impact, affects industrial control operations
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (4)
4 with fix
Product | Affected Versions | Fix Status
Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) | < SV4.30 | SV4.30
Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) | < SV4.21 | SV4.21
BMENOR2200H | < SV4.02.01 | SV4.02.01
EVLink Pro AC | < 1.3.10 | 1.3.10
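
An added example, not part of the advisory or any vendor tooling: triaging an asset inventory against the affected-products table above, with the Safety part-number patterns checked first so a Safety CPU is not judged against the standard CPU threshold. The inventory records, the `EVLINK-PRO-AC` inventory key, the status labels and the assumption that firmware versions compare as dot-separated integers are all constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# (product, part-number globs, excluded globs, first fixed version), from the table above.
SAFETY = ("BMEP58*S", "BMEH58*S")
RULES = [
    ("Modicon M580 CPU Safety", SAFETY, (), "SV4.21"),
    ("Modicon M580 CPU", ("BMEP*", "BMEH*"), SAFETY, "SV4.30"),
    ("BMENOR2200H", ("BMENOR2200H",), (), "SV4.02.01"),
    ("EVLink Pro AC", ("EVLINK-PRO-AC",), (), "1.3.10"),  # inventory key is an assumption
]

def parse_version(text):
    """'SV4.02.01', 'V1.3.10' or '1.3.10' -> tuple of ints (assumes dot-separated integers)."""
    m = re.fullmatch(r"(?:SV|V)?(\d+(?:\.\d+)*)", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_older(current, fixed):
    """Compare after zero-padding so (4, 2) and (4, 2, 0) are treated as equal."""
    width = max(len(current), len(fixed))
    padded = [v + (0,) * (width - len(v)) for v in (current, fixed)]
    return padded[0] < padded[1]

def classify(part_number, firmware):
    """Return (product, status, fixed_version) for one inventory record."""
    pn = part_number.strip().upper()
    for product, globs, excluded, fixed in RULES:
        if any(fnmatchcase(pn, g) for g in excluded):
            continue  # e.g. a Safety CPU must not match the standard M580 rule
        if not any(fnmatchcase(pn, g) for g in globs):
            continue
        try:
            older = is_older(parse_version(firmware), parse_version(fixed))
        except ValueError:
            return (product, "CHECK_MANUALLY", fixed)  # unparseable version: never assume fixed
        return (product, "VULNERABLE" if older else "FIXED", fixed)
    return (None, "NOT_LISTED", None)

# Constructed sample inventory (part number, reported firmware); not real site data.
INVENTORY = [
    ("BMEP584040", "SV4.20"), ("BMEP584040S", "SV4.21"), ("BMEH582040", "SV4.30"),
    ("BMENOR2200H", "SV4.01.16"), ("EVLINK-PRO-AC", "V1.3.9"), ("BMEP582040", "unknown"),
]

if __name__ == "__main__":
    for pn, fw in INVENTORY:
        print(pn, fw, *classify(pn, fw))
```
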
Remediation & Mitigation
Do now
HARDENING: Restrict network access to Modicon M580 PLCs and communication modules to authorized engineering workstations and control systems using network segmentation or firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

BMENOR2200H
HOTFIX: Update BMENOR2200H firmware to SV4.02.01 or later
EVLink Pro AC
HOTFIX: Update EVLink Pro AC firmware to V1.3.10 or later
All products
HOTFIX: Update Modicon M580 CPU firmware to SV4.30 or later for standard M580 PLCs (BMEP* and BMEH* part numbers, excluding Safety models)
HOTFIX: Update Modicon M580 CPU Safety firmware to SV4.21 or later for M580 Safety PLCs (BMEP58*S and BMEH58*S part numbers)
Long-term hardening
EVLink Pro AC
HARDENING: Isolate EVLink Pro AC charging stations on a separate network segment from critical industrial control systems if possible