Schneider Electric reports critical flaw in Modicon Programmable Logic Controllers
Take action: If you are using Schneider Electric Modicon Controllers M241, M251, M258, and LMC058, be aware that they have a critical unpatched flaw. Isolate them from the public internet, control access to port 502/TCP and make sure the controllers are physically secure. Then check with the vendor for patch and plan an update.
Learn More
A critical security vulnerability is reported in Schneider Electric's Modicon controllers, tracked as CVE-2024-11737 (CVSS v3.1 score 9.8, CVSS v4.0 score 9.3).
The vulnerability stems from improper input validation that could allow unauthenticated attackers to compromise affected systems remotely. It allows an unauthenticated attacker to send crafted Modbus packets to the device through Port 502/TCP, potentially compromising the system, with no user interaction required for exploitation.
The vulnerability affects all versions of Modicon Controllers M241, M251, M258, and LMC058, which are deployed worldwide across multiple critical infrastructure sectors including Commercial Facilities, Critical Manufacturing, and Energy.
Currently, no known public exploitation has been reported to CISA, and Schneider Electric is developing a remediation plan for future versions. However, no immediate patch is available.
To mitigate the risk, organizations are advised to isolate the controllers from public internet, implement network segmentation, block unauthorized access to Port 502/TCP, and filtering ports and IP through embedded firewall as well as to physically place controllers in locked cabinets, never leave controllers in "Program" mode, and control physical access to systems and components.
