High severity7.5NVD Advisory· Published Jan 15, 2025· Updated Apr 15, 2026

CVE-2024-50954

Description

The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network (LAN), sending a specific Modbus message to the controller can cause the PLC to crash, interrupting the normal operation of the programs running in the PLC. This results in the ERR indicator light turning on and the RUN indicator light turning off.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Curator-Kim/Vulnerability-mining/blob/master/XINJE%20XL5E-16T%20XD5E-24R%20Modbus/XINJE%20XL5E-16T%20XD5E-24R%20Modbus.mdnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000