XINJE XL5E-16T and XD5E-24R-E Modbus Message Handling Vulnerability Leading to Denial-of-Service
Vulnerability
A denial-of-service vulnerability has been identified in the XINJE XL5E-16T and XD5E-24R-E programmable logic controllers, specifically in versions V3.5.3b through V3.7.2a. The issue arises from the controllers' handling of Modbus messages over TCP connections within a local area network. When a specific Modbus message is sent to the affected controllers, it can cause the PLC to crash, disrupting the normal operation of any running programs. This crash is indicated by the ERR light turning on and the RUN light turning off.
Impact
Exploitation of this vulnerability causes the PLC to crash, interrupting the operation of programs running on the device. The ERR indicator light activates, while the RUN light deactivates, signaling a disruption in normal functionality.
Reproduction
To reproduce this vulnerability, establish a TCP connection to an affected XINJE XL5E-16T or XD5E-24R-E PLC from a host on the same local area network. Once the connection is active, send the specific Modbus message that triggers the vulnerability. The PLC then crashes: the ERR light turns on and the RUN light turns off, indicating that program execution has halted.
