Modicon M241 / M251 / M258 / LMC058

Act Now9.8SEVD-2024-345-03Dec 10, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Modicon M241, M251, M258, and LMC058 controllers are vulnerable to input validation failures that could result in denial of service and partial loss of integrity on the controller. The vulnerability allows an attacker to send specially crafted packets that bypass input validation checks, potentially disrupting operations or corrupting controller state.

What this means

What could happen

An attacker with network access to the controller could send malicious packets that cause the PLC to stop responding or lose control of connected equipment, disrupting production or utility operations.

Who's at risk

This affects energy utilities and manufacturing facilities using Schneider Electric Modicon M241, M251, M258, or LMC058 programmable logic controllers that control critical process automation, including power distribution equipment and machine automation systems.

How it could be exploited

An attacker sends specially crafted network packets to the Modicon controller's network interface. The controller fails to properly validate the input due to CWE-20 (improper input validation), allowing the attacker to trigger a denial of service condition or corrupt the controller's internal state without requiring authentication or user interaction.

Prerequisites

Network access to the Modicon controller on its operational network
No authentication credentials required

remotely exploitableno authentication requiredlow complexitydenial of serviceaffects integrity of controller state

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

Modicon Controllers M241<5.2.11.295.2.11.29

Modicon Controllers M251<5.2.11.295.2.11.29

Modicon Controllers M258<5.0.4.195.0.4.19

Modicon Controllers LMC058<5.0.4.195.0.4.19

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict network access to Modicon controller management interfaces using firewall rules or network segmentation to limit exposure to untrusted sources

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Modicon M241 and M251 controllers to firmware version 5.2.11.29 or later using Controller Assistant in EcoStruxure Machine Expert, then perform a reboot

HOTFIXUpdate Modicon M258 and LMC058 controllers to firmware version 5.0.4.19 or later using Controller Assistant in EcoStruxure Machine Expert, then perform a reboot

CVEs (1)

CVE-2024-11737

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e3a40896-19bf-4594-b0dd-af2e1bfc3fd0