CVE-2024-5056
📋 TL;DR
This CVE describes a CWE-552 vulnerability where specific files or directories are accessible to external parties in Schneider Electric devices. If exploited, it can prevent firmware updates and disrupt webserver functionality when those files are removed. Affected systems are Schneider Electric devices with vulnerable firmware versions.
💻 Affected Systems
- Schneider Electric Modicon M580
- Schneider Electric Modicon M340
- Schneider Electric Modicon Premium
- Schneider Electric Modicon Quantum
📦 What is this software?
Bmxnoe0100 Firmware by Schneider Electric
Bmxnoe0110 Firmware by Schneider Electric
Modicon M340 Firmware by Schneider Electric
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could delete critical files, causing permanent device malfunction, preventing firmware updates, and disrupting operational technology systems.
Likely Case
Unauthorized access leads to deletion of specific files, disrupting firmware update processes and causing temporary webserver outages.
If Mitigated
With proper access controls and network segmentation, impact is limited to denial of service for update functionality.
🎯 Exploit Status
Exploitation requires network access to the device's web interface but no authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to SEVD-2024-163-01 for specific patched firmware versions
Vendor Advisory: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-01.pdf
Restart Required: Yes
Instructions:
1. Download patched firmware from Schneider Electric. 2. Backup device configuration. 3. Apply firmware update following vendor instructions. 4. Verify update success and restore configuration if needed.
🔧 Temporary Workarounds
Network Segmentation
allIsolate affected devices in dedicated network segments with strict firewall rules.
Disable Web Interface
allTurn off web server functionality if not required for operations.
🧯 If You Can't Patch
- Implement strict network access controls to limit device exposure
- Monitor device logs for unauthorized access attempts to web interface
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against vulnerable versions listed in SEVD-2024-163-01Check Version:
Device-specific command via web interface or configuration toolVerify Fix Applied:
Verify firmware version matches patched versions from vendor advisory📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to web interface
- File deletion events in system logs
- Failed firmware update attempts
Network Indicators:
- Unusual HTTP requests to device web interface
- Traffic patterns indicating file enumeration
SIEM Query:
source="device_logs" AND (event="file_deletion" OR event="unauthorized_access")