Improper Memory Buffer Restrictions in Schneider Electric Modicon Devices
CVE-2024-10498

6.9 MEDIUM

Key Information:

Vendor
CVE Published: 17 January 2025

Summary

A vulnerability exists in Schneider Electric's Modicon PLCs that could be exploited by attackers through specific Modbus write packets. This flaw allows unauthorized modifications of configuration parameters beyond typical operational limits, potentially leading to invalid data processing or impaired access to the web interface. Organizations using affected Modicon devices should ensure proper network segmentation and monitoring to mitigate the risks associated with this vulnerability.

Affected Version(s)

PowerLogic HDPM6000 Versions v0.62.7 and prior

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
