PatchSiren cyber security CVE debrief
CVE-2024-12476 Schneider Electric CVE debrief
Schneider Electric Web Designer for Modicon is affected by an XML external entity (XXE) issue that can be triggered when a specially crafted XML project file is imported. CISA rates the issue 7.8 High. The advisory says the flaw can expose information, affect workstation integrity, and potentially lead to remote code execution on the compromised computer.
- Vendor: Schneider Electric
- Product: Web Designer for BMXNOR0200H
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-04
- Original CVE updated: 2025-02-04
- Advisory published: 2025-02-04
- Advisory updated: 2025-02-04
Who should care
Teams that use Schneider Electric Web Designer on engineering or maintenance workstations, especially where project files are exchanged from external or less-trusted sources. This includes OT/ICS administrators, control engineers, and endpoint defenders responsible for the affected Web Designer products.
Technical summary
According to the CISA CSAF advisory, the issue is an improper restriction of XML external entity reference handling in Schneider Electric Web Designer for BMXNOR0200H, BMXNOE0110(H), BMENOC0311(C), and BMENOC0321(C), with all versions listed as affected. The attack requires the victim to import a specifically crafted XML file into the configuration tool. The supplied CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access conditions with user interaction and high potential impact to confidentiality, integrity, and availability on the workstation.
Defensive priority
High for any environment running the affected Web Designer products. Prioritize if the tool opens project/XML files from removable media, email, shared drives, or other external sources, or if the workstation has broad access to OT assets.
Recommended defensive actions
- Restrict access to Web Designer project/XML files to trusted users only.
- Open only project files received from trusted sources.
- Encrypt project files at rest where possible and verify file integrity before use.
- Compute and regularly check hashes of project files before importing them.
- Use secure communication protocols when exchanging files over the network.
- Segment control and safety networks from business networks and minimize exposure of the workstation.
- Follow Schneider Electric security notifications for future remediation updates and guidance.
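The hash check and "trusted source only" rules above can be enforced with a small pre-import screen. The following is an added example, not code from the advisory, CISA or Schneider Electric: it verifies a project file's SHA-256 against a trusted manifest value and rejects files that carry the DTD constructs an XXE payload depends on (DOCTYPE, ENTITY, SYSTEM/PUBLIC identifiers). It assumes the tool's own project format does not use an inline DTD; the sample files are constructed, not real Web Designer projects.

```python
# Added example, not code from the advisory, CISA or Schneider Electric.
# Pre-import screen for Web Designer project/XML files: verify the SHA-256 against a
# trusted manifest and reject files carrying the DTD constructs an XXE payload needs.
import hashlib
import re
import sys
from typing import List, Optional

# DTD constructs that legitimate project files are not expected to contain (assumption:
# the tool's own project format does not use an inline DTD or entity declarations).
DOCTYPE_RE = re.compile(rb"<!DOCTYPE\b", re.IGNORECASE)
ENTITY_RE = re.compile(rb"<!ENTITY\b", re.IGNORECASE)
EXTERNAL_ID_RE = re.compile(rb"\b(SYSTEM|PUBLIC)\b\s*[\"']", re.IGNORECASE)


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the file contents, for comparison with the trusted manifest."""
    return hashlib.sha256(data).hexdigest()


def screen_project_xml(data: bytes, expected_sha256: Optional[str] = None) -> List[str]:
    """Return findings for a project file; an empty list means it passed the screen."""
    findings = []
    if expected_sha256 is not None and sha256_hex(data) != expected_sha256.lower():
        findings.append("hash mismatch against trusted manifest")
    # Scan the whole file rather than only the prolog: a DOCTYPE may follow leading
    # comments or whitespace, and the regexes are cheap on project-sized files.
    if DOCTYPE_RE.search(data):
        findings.append("DOCTYPE declaration present (inline DTD)")
    if ENTITY_RE.search(data):
        findings.append("ENTITY declaration present")
    if EXTERNAL_ID_RE.search(data):
        findings.append("SYSTEM/PUBLIC external identifier present")
    return findings


# Constructed sample inputs (not real Web Designer project files).
CLEAN_PROJECT = b'<?xml version="1.0"?><project name="demo"><module ref="BMXNOR0200H"/></project>'
SUSPECT_PROJECT = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE project [ <!ENTITY ext SYSTEM "file:///placeholder"> ]>\n'
    b'<project name="demo">&ext;</project>'
)

if __name__ == "__main__":
    # Usage: screen.py <project.xml> [expected_sha256]
    with open(sys.argv[1], "rb") as fh:
        contents = fh.read()
    problems = screen_project_xml(contents, sys.argv[2] if len(sys.argv) > 2 else None)
    print("OK" if not problems else "REJECT: " + "; ".join(problems))
    sys.exit(1 if problems else 0)
```

A non-zero exit from the screen can gate an import step in a file-transfer workflow; it complements, but does not replace, the vendor's own fix for the parser.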
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-035-05 for CVE-2024-12476, published 2025-02-04. The advisory names four affected Schneider Electric Web Designer products and states that all versions are affected. The source description attributes the issue to improper restriction of XML external entity references and notes impacts to information disclosure, workstation integrity, and potential remote code execution when a crafted XML file is imported. The supplied enrichment does not list a Known Exploited Vulnerability entry or ransomware association.
Official resources
- CVE-2024-12476 CVE record (CVE.org)
- CVE-2024-12476 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed by CISA in advisory ICSA-25-035-05 on 2025-02-04; no KEV listing is present in the supplied enrichment.