PT-2024-10219 · Schneider Electric · PowerLogic HDPM6000

Published: 2024-10-29 · Updated: 2025-01-17 · CVE-2024-10498

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Schneider Electric PowerLogic HDPM6000 versions up to 0.62.7

Description

The issue is an Improper Restriction of Operations within the Bounds of a Memory Buffer, which could allow an unauthorized attacker to modify configuration values outside of the normal range by sending specific Modbus write packets to the device. This could result in invalid data or loss of web interface functionality.

Recommendations

For Schneider Electric PowerLogic HDPM6000 versions up to 0.62.7, consider disabling the Modbus protocol until a patch is available to prevent exploitation. Restrict access to the device to minimize the risk of unauthorized configuration modifications. Avoid sending Modbus write packets to the device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
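To support the access-restriction recommendation, the following added example (not from the advisory or from Schneider Electric) classifies captured Modbus requests and flags write function codes that come from sources outside an allowlist. It assumes Modbus/TCP framing; the allowlisted address and the sample frames are constructed, and no device register addresses are assumed because the advisory names none.

```python
import ipaddress
import struct

# Standard Modbus function codes that modify device state.
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10, 0x16, 0x17}

# Assumption: the only host permitted to write to the meter (constructed value).
ALLOWED_WRITERS = [ipaddress.ip_network("10.20.0.10/32")]

# Constructed sample frames: MBAP header (tid, proto, length, unit) + PDU.
SAMPLE_WRITE = bytes.fromhex("0001 0000 0006 01 06 0010 ffff")  # Write Single Register
SAMPLE_READ = bytes.fromhex("0002 0000 0006 01 03 0000 0002")   # Read Holding Registers


def parse_request(adu: bytes):
    """Parse one Modbus/TCP request; return None if it is not well-formed."""
    if len(adu) < 8:  # 7-byte MBAP header plus the function code
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", adu[:7])
    # Protocol id is 0 for Modbus; the length field counts unit id + PDU.
    if proto != 0 or length != len(adu) - 6:
        return None
    func = adu[7]
    info = {"unit": unit, "function": func, "write": func in WRITE_FUNCTIONS}
    if func in (0x05, 0x06, 0x0F, 0x10, 0x16) and len(adu) >= 10:
        info["address"] = struct.unpack(">H", adu[8:10])[0]
    elif func == 0x17 and len(adu) >= 14:
        # Read/Write Multiple Registers: write address follows the read fields.
        info["address"] = struct.unpack(">H", adu[12:14])[0]
    return info


def classify(src_ip: str, adu: bytes) -> str:
    """Return 'malformed', 'read', 'allowed-write' or 'alert-write'."""
    req = parse_request(adu)
    if req is None:
        return "malformed"
    if not req["write"]:
        return "read"
    src = ipaddress.ip_address(src_ip)
    if any(src in net for net in ALLOWED_WRITERS):
        return "allowed-write"
    return "alert-write"
```
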

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-00549
CVE-2024-10498

Affected Products

PowerLogic HDPM6000