PatchSiren cyber security CVE debrief
CVE-2024-5559 Schneider Electric CVE debrief
A medium-severity vulnerability (CVSS 6.1) in Schneider Electric PowerLogic P5 protective relays allows physical attackers to cause denial of service, device reboot, or gain full control of the relay by entering a specially crafted reset token at the device front panel. The root cause is CWE-327: Use of a Broken or Risky Cryptographic Algorithm. The vulnerability was disclosed on June 11, 2024, with an initial patch subsequently retracted; a corrected remediation became available on September 10, 2024. Affected versions are PowerLogic P5 v01.500.104 and prior. The vendor fix requires upgrading to PowerLogic P5 Wave 4.2.3 P5L30 firmware, obtainable through Schneider Electric's Customer Care Center. Physical access is required for exploitation, limiting remote attack vectors.
- Vendor: Schneider Electric
- Product: PowerLogic P5
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-06-11
- Original CVE updated: 2024-09-10
- Advisory published: 2024-06-11
- Advisory updated: 2024-09-10
Who should care
Organizations operating Schneider Electric PowerLogic P5 protective relays in electrical substations, industrial facilities, and critical infrastructure; ICS security teams responsible for protective relay security; facility managers with physical security oversight; and compliance teams tracking CISA ICS advisories.
Technical summary
CVE-2024-5559 is a CWE-327 vulnerability in Schneider Electric PowerLogic P5 protective relays (versions v01.500.104 and prior). The device uses a broken or risky cryptographic algorithm to validate reset tokens entered via the front panel. An attacker with physical access can craft a malicious reset token that bypasses authentication, resulting in denial of service, forced reboot, or complete compromise of relay control. The attack vector is local/physical (AV:P) with low attack complexity (AC:L). Confidentiality impact is none (C:N), but integrity and availability impacts are high (I:H, A:H). The vulnerability was initially disclosed June 11, 2024; the first patch was retracted the same day due to issues, with corrected firmware (Wave 4.2.3 P5L30) released September 10, 2024. Organizations must upgrade firmware and implement strict physical access controls.
Defensive priority
medium
Recommended defensive actions
- Upgrade PowerLogic P5 firmware to Wave 4.2.3 P5L30 by contacting Schneider Electric Customer Care Center
- Restrict physical access to PowerLogic P5 device front panels to authorized personnel only
- Monitor for unauthorized physical access attempts or unexpected device reboots
- Apply defense-in-depth practices for industrial control systems per CISA guidance
- Verify firmware integrity before deployment following the September 2024 remediation release
Evidence notes
CVE published 2024-06-11; advisory revision 1.1.0 (same date) retracted initial patch; revision 1.2.0 on 2024-09-10 confirmed remediation availability. Affected product confirmed as PowerLogic P5 v01.500.104 and prior via CSAF product tree.
Official resources
- CVE-2024-5559 CVE record (CVE.org)
- CVE-2024-5559 NVD detail (NVD)
- Source item URL (cisa_csaf)