PT-2024-9322 · Schneider Electric · Schneider Electric Modicon M241+3

Published

2024-12-10

Updated

2024-12-16

CVE-2024-11737

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M241, M251, M258, LMC058 (affected versions not specified)

Description: The issue is related to an Improper Input Validation vulnerability, which could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device. This vulnerability exists due to errors in processing input data. Exploitation of the vulnerability may allow a remote attacker to cause a denial of service and impact the confidentiality and integrity of protected information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2024-11012

CVE-2024-11737

Affected Products

Schneider Electric Lmc058

Schneider Electric Modicon M241

Schneider Electric Modicon M251

Schneider Electric Modicon M258

PT-2024-9322 · Schneider Electric · Schneider Electric Modicon M241+3

CVE-2024-11737

Weakness Enumeration

Related Identifiers

Affected Products

References · 13