[CIVN-2025-0267] Denial-of-Service (DoS) Vulnerability in Schneider Electric Products
Denial-of-Service (DoS) Vulnerability in Schneider Electric Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Systems Affected
EcoStruxure OPC UA Server Expert prior to version SV2.01 SP3
EcoStruxure™ Modicon Communication Server – All versions
Overview
A vulnerability has been reported in Schneider Electric products that can be exploited remotely to cause a denial-of-service (DoS) condition on affected systems.
Target Audience:
All organizations and individuals using the affected Schneider Electric products.
Risk Assessment:
High risk of denial of service to critical control system components.
Impact Assessment:
Potential for causing Denial of Service (DoS) conditions on the target system.
Description
Schneider Electric develops products and solutions for energy management and industrial automation, used across various sectors including residential, commercial, and industrial applications.
This vulnerability exists in Schneider products due to improper handling of network requests. A remote attacker could exploit this vulnerability by sending a flood of crafted OPC UA requests.
Successful exploitation of this vulnerability could allow a remote attacker to cause Denial-of-Service (DoS) conditions on the target system.
Solution
Apply appropriate updates (where available) as mentioned in the Schneider Electric advisory, or apply the mitigations it suggests:
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-287-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-287-01.pdf
References
Schneider Electric
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-287-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-287-01.pdf
CVE Name
CVE-2024-10085
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003