[Control systems] Schneider Electric security advisory (AV24-707)

Serial number: AV24-707
Date: December 11, 2024

On December 10, 2024, Schneider Electric published advisories to address vulnerabilities in the following products:

• Harmony HMIST6, HMISTM6, HMIG3U, HMIG3U, HMIG3X and HMISTO7 series – all versions
• Modicon M241, M251, M258 and LMC058 Controllers – all versions
• PowerChute Serial Shutdown – versions v1.2.0.301 and prior
• PFXST6000, PFXSTM6000, PFXSP5000 and PFXGP4100 series – all versions

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• Schneider Electric Security Notification - Harmony HMI and Pro-face HMI products (PDF)
• Schneider Electric Security Notification - Modicon M241 / M251 / M258 / LMC058 (PDF)
• Schneider Electric Security Notification - PowerChute Serial Shutdown (PDF)
• Schneider Electric Security Notifications