CVE-2024-8933 Schneider Electric CVE debrief

Who should care

Asset owners and operators of Schneider Electric Modicon M340, MC80, or Momentum Unity M1E controllers in industrial environments. OT security teams responsible for PLC and DCS security architecture. Critical infrastructure operators in manufacturing, energy, water, and building automation sectors where these controllers are deployed. Compliance teams tracking ICS-CERT advisories and vendor security notices. Network engineers designing segmented control system architectures.

Technical summary

The vulnerability exists in the communication channel implementation of affected Modicon controllers. When a valid user uploads or downloads a project file, the transmission lacks proper message integrity enforcement (CWE-924). An attacker with logical network access can inject themselves into this communication flow to retrieve password hashes. Successful exploitation can lead to denial of service conditions and complete loss of confidentiality and integrity for the compromised controllers. The CVSS v3.1 vector (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) reflects that while the attack is network-accessible and requires no privileges, the high attack complexity and required user interaction reduce exploitability. No firmware patches are currently available; defense relies on network architecture controls and ACL configuration.

Defensive priority

HIGH

Recommended defensive actions

• Segment control networks from enterprise IT and external networks to limit attacker positioning opportunities
• Deploy firewalls to block all unauthorized access to TCP port 502 (Modbus TCP) on affected controllers
• Configure Access Control Lists (ACLs) on each product line following vendor documentation: M340 per 'Modicon M340 for Ethernet Communications Modules and Processors User Manual' chapter 'Messaging ConfigurationParameters
• MC80 per 'MC80 Programmable Logic Controller (PLC) User Manual' section 'Access Control List (ACL)'
• Momentum Unity M1E per 'Momentum for EcoStruxure Control Expert Processors User Guide' section 'Controlling Access'
• Enable memory protection on M340 CPUs by configuring the input bit to a physical input as described in 'Modicon Controller Systems Cybersecurity User Guide' chapter 'Controller Memory Protection'
• Evaluate deployment of external firewall devices with VPN capabilities (e.g., Belden EAGLE40-07) for secure remote access, referencing 'Modicon Controller Systems Cybersecurity User Guide'
• Monitor for future firmware updates from Schneider Electric that will address CVE-2024-8933 and CVE-2024-8935; update this advisory when patches become available

Evidence notes

Vulnerability details and affected product list derived from CISA CSAF advisory ICSA-24-326-03. CVSS vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H confirms network attack vector with high attack complexity, no privileges required, user interaction required, and high impacts to confidentiality, integrity, and availability. Mitigation guidance sourced directly from vendor remediation statements in the CSAF document. No KEV listing or known ransomware campaign use identified.

Official resources