PatchSiren cyber security CVE debrief
CVE-2024-11425 Schneider Electric CVE debrief
CVE-2024-11425 is a high-severity denial-of-service issue in Schneider Electric Modicon M580 CPU firmware. According to the advisory, an unauthenticated attacker can send a crafted HTTPS packet to the web server and trigger a buffer size calculation error that can disrupt product availability. Schneider Electric lists fixed firmware in SV4.30 for the affected Modicon M580 CPU family and recommends network segmentation plus blocking unauthorized access to TCP/443.
- Vendor
- Schneider Electric
- Product
- Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-01-14
- Original CVE updated
- 2025-04-08
- Advisory published
- 2025-01-14
- Advisory updated
- 2025-04-08
Who should care
OT and industrial automation teams running Schneider Electric Modicon M580 CPU devices (BMEP* and BMEH*), especially operators who expose the web interface or allow broad network access to control equipment. Security teams responsible for plant segmentation, firewall policy, and firmware lifecycle management should also prioritize it.
Technical summary
The issue is identified as CWE-131 (Incorrect Calculation of Buffer Size). The advisory states that an unauthenticated user can send a crafted HTTPS packet to the web server, causing a denial of service. For the requested product family, CISA’s CSAF data lists affected Modicon M580 CPU versions prior to SV4.30 and identifies SV4.30 as the fixed release. The advisory also recommends blocking unauthorized access to port 443/TCP and following access control guidance in the product manuals.
Defensive priority
High
Recommended defensive actions
- Upgrade affected Modicon M580 CPU devices to SV4.30 or later using Schneider Electric's official firmware package.
- Restrict access to the device web server by blocking unauthorized inbound traffic to TCP/443 at firewalls and segmented network boundaries.
- Review and tighten access control lists for Modicon M580 systems in line with Schneider Electric's hardware reference manual.
- Inventory exposed Schneider Electric OT assets to confirm which devices fall under the affected BMEP*/BMEH* product family and firmware range.
- Validate that compensating controls remain in place wherever immediate firmware updates are not possible.
Evidence notes
The supplied source corpus is a CISA CSAF advisory (ICSA-25-035-04) derived from Schneider Electric's security notice SEVD-2025-014-01. It explicitly describes a CWE-131 buffer size calculation error leading to denial of service from an unauthenticated crafted HTTPS packet. For the Modicon M580 CPU family, the advisory lists affected versions prior to SV4.30 and remediation in SV4.30. The advisory was published on 2025-01-14 and modified on 2025-04-08; the later revision added remediation for another product in the same notice. No KEV entry was supplied in the prompt.
Official resources
-
CVE-2024-11425 CVE record
CVE.org
-
CVE-2024-11425 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published ICSA-25-035-04 and Schneider Electric published SEVD-2025-014-01 on 2025-01-14. CISA revised the advisory on 2025-04-08. The prompt did not supply a Known Exploited Vulnerabilities listing or known ransomware association for这