CVE-2024-9409

Name of the Vulnerable Software and Affected Versions: Schneider Electric PowerLogic versions PM5320, PM5340, and PM5341

Description: An Uncontrolled Resource Consumption issue exists, potentially causing devices to become unresponsive and resulting in communication loss when a large amount of IGMP packets is present in the network. This could be exploited by a remote attacker sending specially crafted IGMP packets to cause a denial of service.

Recommendations: For Schneider Electric PowerLogic PM5320, PM5340, and PM5341, consider restricting or disabling the handling of IGMP packets as a temporary workaround until a patch is available. As a mitigation measure, restrict access to the network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.