PatchSiren cyber security CVE debrief
CVE-2024-8937 Schneider Electric CVE debrief
A buffer overflow vulnerability (CWE-119) in Schneider Electric Modicon M340, MC80, and Momentum Unity M1E controllers allows potential arbitrary code execution following a successful man-in-the-middle attack. An attacker positioned between communicating parties can intercept and inject crafted Modbus commands to tamper with authentication function calls, exploiting improper bounds checking in memory buffer operations. The attack requires network access but no user interaction or privileges, making it a significant risk for unsegmented industrial control networks.
- Vendor
- Schneider Electric
- Product
- Modicon M340 CPU Controller
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-11-12
- Original CVE updated
- 2026-01-20
- Advisory published
- 2024-11-12
- Advisory updated
- 2026-01-20
Who should care
Organizations operating Schneider Electric Modicon M340, MC80, or Momentum Unity M1E controllers in industrial automation environments, particularly those with remote access capabilities or insufficient network segmentation. Critical infrastructure operators in manufacturing, energy, water treatment, and building automation should prioritize assessment and remediation.
Technical summary
The vulnerability stems from improper restriction of operations within memory buffer bounds (CWE-119) in the authentication processing of Modbus communications. A man-in-the-middle attacker can inject crafted Modbus commands that manipulate function calls during authentication, leading to buffer overflow conditions. Successful exploitation enables arbitrary code execution on the controller with potential impacts to confidentiality, integrity, and availability of industrial control processes. The attack vector is network-based with high attack complexity due to the MITM prerequisite, but requires no privileges or user interaction.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor firmware updates: Modicon M340 CPU to SV3.65 or later, Modicon MC80 to SV2.1 or later, and Modicon Momentum Unity M1E Processor to SV2.80 or later.
- Implement network segmentation and configure firewalls to block unauthorized access to TCP port 502 (Modbus).
- Configure Access Control Lists (ACLs) on affected controllers following manufacturer documentation to restrict device access.
- Enable memory protection features on M340 CPUs by configuring the input bit to a physical input.
- Consider deploying external firewall devices with VPN capabilities for remote access to control networks.
- Monitor network traffic for unauthorized Modbus commands and anomalous authentication attempts.
Evidence notes
CISA ICS advisory ICSA-24-326-04 (published 2024-11-12, updated through 2026-01-20) documents this vulnerability with CVSS 3.1 score 8.1 (HIGH). The advisory was originally released by Schneider Electric as SEVD-2024-317-03 and subsequently republished by CISA. Remediation firmware became available in stages: Momentum Unity M1E fix (SV2.80) by April 2025, MC80 fix (SV2.1) by January 2026.
Official resources
-
CVE-2024-8937 CVE record
CVE.org
-
CVE-2024-8937 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-11-12