CVE-2024-50956

Name of the Vulnerable Software and Affected Versions: Inovance HCPLC AM401-CPU1608TPTN version 21.38.0.0 Inovance HCPLC AM402-CPU1608TPTN version 41.38.0.0 Inovance HCPLC AM403-CPU1608TN version 81.38.0.0

Description: A buffer overflow in the RecvSocketData function allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted Modbus message.

Recommendations: For Inovance HCPLC AM401-CPU1608TPTN version 21.38.0.0, consider disabling the RecvSocketData function until a patch is available. For Inovance HCPLC AM402-CPU1608TPTN version 41.38.0.0, restrict access to the Modbus protocol to minimize the risk of exploitation. For Inovance HCPLC AM403-CPU1608TN version 81.38.0.0, avoid processing crafted Modbus messages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.