PatchSiren cyber security CVE debrief
CVE-2024-9409 Schneider Electric CVE debrief
A high-severity uncontrolled resource consumption vulnerability (CWE-400) in Schneider Electric PowerLogic PM5300 series power meters can cause device unresponsiveness and communication loss when the network contains a large volume of IGMP packets. The vulnerability was disclosed on November 12, 2024, with patches available for affected models.
- Vendor
- Schneider Electric
- Product
- PowerLogic PM5320
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-11-12
- Original CVE updated
- 2024-11-12
- Advisory published
- 2024-11-12
- Advisory updated
- 2024-11-12
Who should care
Organizations operating Schneider Electric PowerLogic PM5300 series meters in industrial control system (ICS) environments, particularly those in critical infrastructure sectors such as energy, manufacturing, water/wastewater, and building automation. Network administrators responsible for multicast traffic management and OT security teams should prioritize assessment and remediation.
Technical summary
The vulnerability stems from improper handling of IGMP (Internet Group Management Protocol) packets, where a large volume of such traffic can exhaust device resources. This is classified as CWE-400: Uncontrolled Resource Consumption. The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) and no user interaction (UI:N). Successful exploitation results in high availability impact (A:H) through device unresponsiveness and loss of communication, though confidentiality and integrity remain unaffected. The affected products are industrial power meters used for energy monitoring and management in critical infrastructure environments.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor patches: PowerLogic PM5320 and PM5340 to version 2.4.0; PowerLogic PM5341 to version 2.7.0
- If patching is not immediately possible, enable IGMP Snooping on network switches to limit multicast traffic flooding
- Configure VLAN interface settings with distinct configurations per VLAN for proper IGMP operation
- Implement IGMP filtering on switch virtual interfaces (SVI), per-port, or per-port per-VLAN basis to control multicast traffic propagation
- Segment power meter networks from general IT infrastructure to reduce exposure to IGMP traffic sources
- Monitor for device unresponsiveness or communication loss as potential indicators of exploitation
Evidence notes
CISA ICS Advisory ICSA-24-326-06 and Schneider Electric security notice SEVD-2024-317-01 confirm this vulnerability affects PowerLogic PM5320 (≤2.3.8), PM5340 (≤2.3.8), and PM5341 (≤2.6.6). The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H indicates network-based attack with low complexity, no privileges required, and high availability impact.
Official resources
-
CVE-2024-9409 CVE record
CVE.org
-
CVE-2024-9409 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-11-12