Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
CVE-2024-50954: XINJE XL5E-16T and XD5E-24R-E PLCs can crash when receiving a specific Modbus message
CVE-2024-50954
Summary
XINJE XL5E-16T and XD5E-24R-E programmable logic controllers in versions V3.5.3b-V3.7.2a may crash when receiving a specific type of message on a local network. This can cause the PLC to stop working, requiring a restart. To avoid this issue, update the controller to the latest version or configure the network to block the malicious message.
Original title
The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of cont...
Original description
The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network (LAN), sending a specific Modbus message to the controller can cause the PLC to crash, interrupting the normal operation of the programs running in the PLC. This results in the ERR indicator light turning on and the RUN indicator light turning off.
nvd CVSS3.1
7.5
Vulnerability type
CWE-703
Published: 15 Jan 2025 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026