High · Published 2024-02-15 · 2d ago

ICSA-24-046-09 · CVE-2024-22013

Modicon M340 buffer overflow in HTTP server

A long URL in the embedded web server overflows a stack buffer, leading to denial of service and (with a crafted payload) code execution on the controller CPU.

Mitigations

  1. Disable embedded HTTP server
  2. Apply firmware ≥ 3.40
  3. Restrict Modbus/TCP to known engineering workstations