PT-2025-2895 · Xinje · Xinje Xl5E-16T+1

Published: 2025-01-15 · Updated: 2025-01-17 · CVE-2024-50954

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

XINJE XL5E-16T and XD5E-24R-E versions V3.5.3b through V3.7.2a

Description

The vulnerability is related to the handling of Modbus messages. When a TCP connection is established with the controllers within a local area network (LAN), sending a specific Modbus message to the controller can cause the PLC to crash, interrupting the normal operation of the programs running in the PLC. This results in the ERR indicator light turning on and the RUN indicator light turning off.

Recommendations

For versions V3.5.3b through V3.7.2a, consider restricting access to the Modbus protocol to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the Modbus protocol in the affected controllers until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
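As an added example (not part of the advisory or any vendor material), the following Python script triages an asset inventory against the affected models and firmware range stated above and flags the controllers where Modbus should be restricted or disabled. The inventory rows, the `modbus_enabled` field and the version ordering rule (numeric fields first, then the letter suffix) are assumptions.

```python
import re

# Affected models and firmware range, as stated in the advisory.
AFFECTED_MODELS = {"XL5E-16T", "XD5E-24R-E"}
FIRST_AFFECTED, LAST_AFFECTED = "V3.5.3b", "V3.7.2a"

_VERSION = re.compile(r"[Vv]?(\d+)\.(\d+)\.(\d+)([a-z]?)")

def version_key(text):
    """Sortable key for 'V3.5.3b'-style strings; raises ValueError if unparsable.

    Assumption: numeric fields compare first, then the letter suffix,
    with no suffix sorting before 'a'.
    """
    m = _VERSION.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])

def triage(model, firmware, modbus_enabled):
    """Return the action for one inventory row."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not listed"
    try:
        key = version_key(firmware)
    except ValueError:
        # Do not guess: an unreadable version needs a manual check.
        return "check firmware manually"
    if not version_key(FIRST_AFFECTED) <= key <= version_key(LAST_AFFECTED):
        return "outside affected range"
    if modbus_enabled:
        return "restrict or disable Modbus"
    return "affected, Modbus disabled"

# Constructed inventory rows: (host, model, firmware, modbus_enabled).
INVENTORY = [
    ("plc-01", "XL5E-16T", "V3.5.3b", True),
    ("plc-02", "XD5E-24R-E", "V3.7.2a", False),
    ("plc-03", "XL5E-16T", "V3.7.2b", True),
    ("plc-04", "xd5e-24r-e", "3.6.0", True),
    ("plc-05", "XL5E-16T", "unknown", True),
    ("plc-06", "OTHER-PLC", "V3.6.0", True),
]

def report(rows=INVENTORY):
    return {host: triage(model, fw, modbus) for host, model, fw, modbus in rows}

if __name__ == "__main__":
    for host, action in report().items():
        print(f"{host}: {action}")
```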

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-50954

Affected Products

Xinje Xd5E-24R
Xinje Xl5E-16T