CVE-2024-50954 — HIGH (7.5)

Vulnerability Description

The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network (LAN), sending a specific Modbus message to the controller can cause the PLC to crash, interrupting the normal operation of the programs running in the PLC. This results in the ERR indicator light turning on and the RUN indicator light turning off.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Related Weaknesses (CWE)

CWE-703

References

https://github.com/Curator-Kim/Vulnerability-mining/blob/master/XINJE%20XL5E-16T

FAQ

What is CVE-2024-50954?

CVE-2024-50954 is a vulnerability with a CVSS score of 7.5 (HIGH). The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of control...

How severe is CVE-2024-50954?

CVE-2024-50954 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-50954?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.