CVE-2024-50953
Published: 15 January 2025
Description
An issue in XINJE XL5E-16T V3.7.2a allows attackers to cause a Denial of Service (DoS) via a crafted Modbus message.
Security Summary
CVE-2024-50953 is a vulnerability affecting the XINJE XL5E-16T programmable logic controller (PLC) running firmware version V3.7.2a. The issue enables attackers to trigger a Denial of Service (DoS) condition by sending a crafted Modbus message to the device. It is classified under CWE-400 (Uncontrolled Resource Consumption) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.
Any unauthenticated attacker with network access to the device can exploit this vulnerability. Attack complexity is low and no privileges or user interaction are required: a remote attacker sends a specially crafted Modbus message that disrupts the PLC's operation and renders it unavailable. Confidentiality and integrity are not affected.
Mitigation details are available in the referenced advisory at https://github.com/Curator-Kim/Vulnerability-mining/blob/master/XINJE%20XL5E-16T%20Modbus/XINJE%20XL5E-16T%20Modbus%20DoS.md, published alongside the CVE on 2025-01-15. No vendor patches or additional official guidance are specified in the available information.
Details
- CWE(s)