CVE-2024-50954

high

Description

The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network (LAN), sending a specific Modbus message to the controller can cause the PLC to crash, interrupting the normal operation of the programs running in the PLC. This results in the ERR indicator light turning on and the RUN indicator light turning off.

References

https://github.com/Curator-Kim/Vulnerability-mining/blob/master/XINJE%20XL5E-16T%20XD5E-24R%20Modbus/XINJE%20XL5E-16T%20XD5E-24R%20Modbus.md

Details

Source: Mitre, NVD

Published: 2025-01-15

Updated: 2025-01-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

Detections

Analytics