OTPulse

Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC

Plan Patch · CVSS 7.5 · SEVD-2025-014-01 · Jan 14, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A buffer overflow vulnerability exists in Modicon M580 Programmable Logic Controllers (PLCs), the BMENOR2200H RTU communication module, and EVLink Pro AC charging stations. The vulnerability is triggered by sending a specially crafted network packet to the affected device. Exploitation requires only network access and no credentials. Successful exploitation causes denial-of-service by crashing or making the device unresponsive, halting industrial process control and monitoring until manual recovery. The vulnerability affects Modicon M580 CPU models with firmware versions below SV4.30, M580 CPU Safety models below SV4.21, BMENOR2200H modules below SV4.02.01, and EVLink Pro AC systems below version 1.3.10.

What this means
What could happen
A buffer overflow vulnerability in Modicon M580 PLCs and related devices could allow a remote attacker to cause a denial-of-service condition, stopping process control and preventing monitoring of industrial operations until the device is manually recovered.
Who's at risk
Energy and manufacturing organizations using Modicon M580 PLCs for process automation should prioritize this patch. The vulnerability affects the main CPU modules (BMEP and BMEH series), the Safety variant, the BMENOR2200H RTU communication module used for remote monitoring and control, and EVLink Pro AC EV charging stations. Any facility relying on M580 PLCs for critical industrial operations, including water authorities managing treatment and distribution systems, should assess their exposure.
How it could be exploited
An attacker with network access to the affected device could send a specially crafted network packet that triggers a buffer overflow in the firmware, causing the device to crash or become unresponsive. No credentials or authentication are required.
Prerequisites
  • Network access to the device on its control network or management interface
  • No credentials required
Tags: remotely exploitable, no authentication required, low complexity, affects control systems, denial-of-service impact on industrial operations
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (4)
4 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) | <SV4.30 | SV4.30 |
| Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) | <SV4.21 | SV4.21 |
| BMENOR2200H | <SV4.02.01 | SV4.02.01 |
| EVLink Pro AC | <1.3.10 | 1.3.10 |
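The affected-products list above can be checked against an asset inventory to find devices still below the fixed firmware. The Python below is an added example, not part of the advisory or any vendor tooling; the inventory rows are constructed, and it assumes firmware is reported as dotted numbers with an optional SV prefix.

```python
import re
from fnmatch import fnmatchcase

# (product, part-number globs, first fixed version), taken from the advisory table.
# The Safety rule comes first because BMEP58*S would also match the broader BMEP*.
RULES = [
    ("Modicon M580 CPU Safety", ("BMEP58*S", "BMEH58*S"), "SV4.21"),
    ("Modicon M580 CPU", ("BMEP*", "BMEH*"), "SV4.30"),
    ("BMENOR2200H", ("BMENOR2200H",), "SV4.02.01"),
    ("EVLink Pro AC", ("EVLINK PRO AC",), "1.3.10"),
]

def parse_version(text):
    """'SV4.02.01' -> (4, 2, 1). Raises ValueError if the string is not dotted numeric."""
    m = re.fullmatch(r"(?:SV)?(\d+(?:\.\d+)*)", text.strip().upper())
    if m is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_below(installed, fixed):
    """Numeric compare with zero padding, so (4, 30) equals (4, 30, 0)."""
    width = max(len(installed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) < pad(fixed)

def classify(part_number, firmware):
    """Return (product, status); product is None when the asset is out of scope."""
    key = " ".join(part_number.upper().split())
    for product, globs, fixed in RULES:
        if any(fnmatchcase(key, g) for g in globs):
            try:
                below = is_below(parse_version(firmware), parse_version(fixed))
            except ValueError:
                return product, "REVIEW"  # never treat an unreadable version as patched
            return product, "VULNERABLE" if below else "FIXED"
    return None, "OUT_OF_SCOPE"

# Constructed sample inventory (part number, reported firmware); not real site data.
INVENTORY = [
    ("BMEP584040", "SV4.20"), ("BMEP584040S", "SV4.21"),
    ("BMEH582040", "SV4.30"), ("BMENOR2200H", "SV4.02.00"),
    ("EVLink Pro AC", "1.3.9"), ("BMEP582020", "unknown"),
]

def report(inventory=INVENTORY):
    return [(pn, fw) + classify(pn, fw) for pn, fw in inventory]

if __name__ == "__main__":
    print(*report(), sep="\n")
```

Versions are compared numerically per component, so 1.3.9 sorts below 1.3.10, which a plain string comparison would get wrong.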
Remediation & Mitigation
Do now
HARDENING: Restrict network access to Modicon M580 PLCs and communication modules to authorized engineering and control systems only using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

BMENOR2200H
HOTFIX: Update BMENOR2200H communication module firmware to version SV4.02.01 or later
EVLink Pro AC
HOTFIX: Update EVLink Pro AC charging station firmware to version 1.3.10 or later
All products
HOTFIX: Update Modicon M580 CPU firmware to version SV4.30 or later
HOTFIX: Update Modicon M580 CPU Safety firmware to version SV4.21 or later
Long-term hardening
HARDENING: Segment PLCs and RTU modules onto a separate industrial control network isolated from untrusted networks
Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC | CVSS 7.5 - OTPulse