### #IndustrialControlSystems #PLCsecurity #OperationalTechnology
Summary: Schneider Electric has issued a critical security notification regarding a vulnerability in its Modicon PLCs that could lead to denial of service and integrity compromise. The vulnerability, CVE-2024-11737, has a high CVSS score of 9.8 and affects multiple models used in industrial applications.
Threat Actor: Unknown | unknown
Victim: Schneider Electric | Schneider Electric
Key Point :
- The vulnerability affects Modicon M241, M251, M258, and LMC058 PLCs across all versions.
- Schneider Electric recommends using controllers in protected environments to minimize exposure.
- Mitigation measures include filtering ports, network segmentation, and disabling unused protocols.
- A remediation plan is in development for future versions of the affected products.
- Customers are advised to consult the Cybersecurity Guidelines for further security measures.
Schneider Electric has issued a security notification warning of a critical vulnerability affecting its Modicon M241, M251, M258, and LMC058 Programmable Logic Controllers (PLCs). The vulnerability, tracked as CVE-2024-11737 and assigned a CVSS score of 9.8, could allow an attacker to cause a denial of service and compromise the integrity of the controller.
“Failure to apply the Fix provided below may risk a denial of service and partial loss of Integrity of the controller, which could result in disruption operations,” the notification warns.
The vulnerability affects all versions of the Modicon M241, M251, M258, and LMC058 PLCs. These controllers are used in a variety of industrial automation applications, including manufacturing, energy, and transportation.
Schneider Electric is currently working on a remediation plan for all future versions of the affected products. In the meantime, the company recommends that customers take the following mitigation measures to reduce the risk of exploitation:
-
Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from the public internet or untrusted networks.
Filter ports and IP through the embedded firewall.
Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP.
Disable all unused protocols (default configuration).
Schneider Electric also recommends that customers refer to the “Cybersecurity Guidelines for EcoStruxure Machine Expert, Modicon and PacDrive Controllers and Associated Equipment User Guide” for more detailed information on how to secure their PLCs.