PatchSiren cyber security CVE debrief
CVE-2024-5056 Schneider Electric CVE debrief
CVE-2024-5056 affects Schneider Electric Modicon M340-related products and is described as a CWE-552 issue where files or directories are accessible to external parties. According to the advisory, this can prevent users from updating device firmware and can affect proper webserver behavior when specific files or directories are removed from the filesystem. The CISA CSAF record was originally published on 2024-06-11 and later revised on 2025-08-12 to add remediation details for BMXNOE0100 and BMXNOE0110.
- Vendor: Schneider Electric
- Product: Modicon M340
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-06-11
- Original CVE updated: 2025-08-12
- Advisory published: 2024-06-11
- Advisory updated: 2025-08-12
Who should care
OT/ICS operators and administrators using Schneider Electric Modicon M340 systems, especially sites running BMXNOE0100 or BMXNOE0110 modules and any environment that exposes FTP or depends on the device webserver for maintenance.
Technical summary
The advisory maps CVE-2024-5056 to CWE-552 and reports an exposure of files or directories to external parties. The documented impact is operational rather than code-execution oriented: firmware updates may fail, and the webserver may not behave properly if specific filesystem objects are removed. Mitigations focus on network segmentation, blocking unauthorized FTP access on port 21/TCP, and disabling FTP when not needed. Vendor fixes are identified as BMXNOE0100 SV3.60 and BMXNOE0110 SV6.80.
Defensive priority
Medium. The CVSS base score is 6.5, and the issue can interrupt firmware maintenance and device webserver behavior. Prioritize higher in exposed OT networks or where FTP is enabled or reachable.
Recommended defensive actions
- Review whether any Modicon M340 deployments are using BMXNOE0100 or BMXNOE0110.
- Apply the vendor-fixed releases identified in the advisory: BMXNOE0100 SV3.60 and BMXNOE0110 SV6.80, where applicable.
- Until remediation is applied, segment the network and block unauthorized access to FTP port 21/TCP.
- Disable FTP service when it is not required.
- Follow the Schneider Electric Access Control List guidance referenced in the user manual for messaging configuration parameters.
- Monitor device management and maintenance workflows for firmware-update failures or irregular webserver behavior until fixed versions are deployed.
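The first three actions above reduce to an inventory check: which BMXNOE0100 / BMXNOE0110 modules sit below the fixed releases, and which of those still have FTP enabled. The following helper is an added example, not Schneider Electric or CISA tooling; the fixed versions come from the advisory, while the inventory records, hostnames and the placeholder part number are constructed.

```python
# Constructed triage helper for CVE-2024-5056 (example code, not vendor or CISA tooling).
# Flags affected modules below the advisory's fixed releases and raises the priority
# where FTP is enabled, since the interim mitigation is to block or disable FTP (21/TCP).
import re
from typing import List, Tuple

# Fixed firmware levels named in the advisory, keyed by module part number.
FIXED_VERSIONS = {"BMXNOE0100": "SV3.60", "BMXNOE0110": "SV6.80"}
# Schneider-style "SVx.yy"; the minor field must be two digits so "SV3.6" is rejected, not misread.
_SV_RE = re.compile(r"^SV(\d+)\.(\d{2})$")

def parse_sv(version: str) -> Tuple[int, int]:
    """Parse an 'SVx.yy' string into a comparable (major, minor) tuple."""
    m = _SV_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version string: {version!r}")
    return int(m.group(1)), int(m.group(2))

def is_vulnerable(module: str, version: str) -> bool:
    """True when the module is an affected part running below its fixed release."""
    fixed = FIXED_VERSIONS.get(module)
    if fixed is None:
        return False  # not one of the modules named in the advisory
    return parse_sv(version) < parse_sv(fixed)

def triage(inventory: List[dict]) -> List[dict]:
    """Return findings for vulnerable modules, highest priority first."""
    findings = []
    for asset in inventory:
        if not is_vulnerable(asset["module"], asset["version"]):
            continue
        ftp = bool(asset.get("ftp_enabled"))
        # Base priority is MEDIUM (CVSS 6.5); raise it where FTP is enabled or reachable.
        action = "apply " + FIXED_VERSIONS[asset["module"]]
        if ftp:
            action += "; block or disable FTP (21/TCP) until patched"
        findings.append({"host": asset["host"], "module": asset["module"],
                         "version": asset["version"], "priority": "HIGH" if ftp else "MEDIUM",
                         "action": action})
    findings.sort(key=lambda f: (f["priority"] != "HIGH", f["host"]))
    return findings

# Constructed sample inventory: hostnames, versions and the placeholder part are illustrative.
SAMPLE_INVENTORY = [
    {"host": "plc-line1", "module": "BMXNOE0100", "version": "SV3.40", "ftp_enabled": True},
    {"host": "plc-line2", "module": "BMXNOE0110", "version": "SV6.80", "ftp_enabled": True},
    {"host": "plc-line3", "module": "BMXNOE0110", "version": "SV6.70", "ftp_enabled": False},
    {"host": "plc-line4", "module": "PLACEHOLDER-MODULE", "version": "SV2.10", "ftp_enabled": True},
]
```

Running `triage(SAMPLE_INVENTORY)` on the constructed inventory reports plc-line1 as HIGH (below SV3.60 with FTP on) and plc-line3 as MEDIUM; plc-line2 is already at the fixed release and the placeholder module is out of scope.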
Evidence notes
All claims are drawn from the supplied CISA CSAF advisory record and its referenced Schneider Electric notices. The record states the CWE-552 condition, the impact on firmware updates and webserver behavior, the mitigations for FTP exposure, and the fixed versions for BMXNOE0100 and BMXNOE0110. The source timeline shows an original publication date of 2024-06-11 and a later advisory revision on 2025-08-12 that added remediation availability.
Official resources
- CVE-2024-5056 CVE record (CVE.org)
- CVE-2024-5056 NVD detail (NVD)
- Source item URL: cisa_csaf
CISA CSAF advisory ICSA-25-254-09 shows an original publication date of 2024-06-11 and a revision on 2025-08-12 that added remediation details. The provided corpus does not list a KEV designation.