July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Patchwork APT Group – Active IOCs
December 24, 2024ICS: Multiple Hitachi Products Vulnerabilities
December 24, 2024Patchwork APT Group – Active IOCs
December 24, 2024ICS: Multiple Hitachi Products Vulnerabilities
December 24, 2024
Severity
High
Analysis Summary
CVE-2024-11737 CVSS:9.3
Schneider Electric Modicon is vulnerable to a denial of service, caused by an improper input validation vulnerability. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service and a loss of confidentiality, integrity of the controller.
CVE-2024-11999 CVSS:8.8
CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product.
Impact
- Denial of Service
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-11737
- CVE-2024-11999
Affected Vendors
Schneider Electric
Affected Products
- Schneider Electric Modicon Controllers M241 / M251 - All versions
- Schneider Electric Modicon Controllers M258 / LMC058 - All versions
- Schneider Electric PFXST6000
- Schneider Electric HMISTM6
- Schneider Electric HMIG3U
Remediation
Refer to Schneider Electric Security Advisory for patch, upgrade or suggested workaround information.