{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/plc/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.6,"id":"CVE-2026-25293"}],"_cs_exploited":false,"_cs_products":["PLC FW"],"_cs_severities":["critical"],"_cs_tags":["plc","buffer-overflow","industrial-control-systems","cve-2026-25293"],"_cs_type":"advisory","_cs_vendors":["Qualcomm"],"content_html":"\u003cp\u003eCVE-2026-25293 describes a buffer overflow vulnerability affecting Qualcomm\u0026rsquo;s Programmable Logic Controller Firmware (PLC FW).  The root cause is an incorrect authorization mechanism within the firmware. This flaw could allow an attacker to potentially overwrite memory buffers, leading to arbitrary code execution or denial of service. The vulnerability was disclosed in Qualcomm\u0026rsquo;s May 2026 security bulletin. Successful exploitation of this vulnerability could allow unauthorized modification of PLC configurations, potentially impacting industrial control systems and automation processes. The affected PLC FW is used in a range of industrial applications, increasing the scope and severity of this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable PLC FW device on the network.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages CVE-2026-25293 to bypass authorization checks.\u003c/li\u003e\n\u003cli\u003eA crafted network packet is sent to the PLC FW, exploiting the buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe overflowed buffer overwrites critical memory regions.\u003c/li\u003e\n\u003cli\u003eAttacker gains control of PLC FW execution flow.\u003c/li\u003e\n\u003cli\u003eMalicious code is injected into the PLC memory space.\u003c/li\u003e\n\u003cli\u003eThe injected code executes, potentially modifying PLC logic or disrupting operations.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves unauthorized control over the PLC, leading to disruption, data manipulation, or system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-25293 could allow attackers to gain complete control over Programmable Logic Controllers (PLCs). This could lead to significant disruptions in industrial control systems, manufacturing processes, and other automated systems. The vulnerability affects Qualcomm PLC FW, potentially impacting a large number of devices across various sectors. The high CVSS score of 9.6 reflects the critical impact of this vulnerability, including the potential for complete system compromise and denial of service.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security patches provided by Qualcomm as detailed in their May 2026 security bulletin (\u003ca href=\"https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html\"\u003ehttps://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html\u003c/a\u003e) to remediate CVE-2026-25293.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious Network Traffic to PLC Devices\u0026rdquo; to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement strict network segmentation to limit the attack surface and prevent lateral movement to PLC devices.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unexpected patterns or unauthorized access attempts to PLC devices.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T17:16:22Z","date_published":"2026-05-04T17:16:22Z","id":"/briefs/2026-05-plc-buffer-overflow/","summary":"CVE-2026-25293 is a critical buffer overflow vulnerability in Qualcomm PLC FW due to incorrect authorization, potentially allowing unauthorized access and control over programmable logic controllers.","title":"Qualcomm PLC FW Buffer Overflow via Incorrect Authorization (CVE-2026-25293)","url":"https://feed.craftedsignal.io/briefs/2026-05-plc-buffer-overflow/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["plc","denial-of-service","industrial-control-system","modicon"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOn March 23, 2026, Team82 disclosed vulnerabilities affecting Schneider Electric\u0026rsquo;s Modicon M241, M251, and M262 programmable logic controllers (PLCs). These vulnerabilities, if exploited, can lead to a denial-of-service (DoS) condition, impacting the availability of the controller and potentially disrupting industrial processes. The Schneider Electric advisory SEVD-2026-069-01 addresses these issues, which were discovered by Claroty\u0026rsquo;s Team82. Successful exploitation could halt critical operations controlled by these PLCs, affecting various industrial sectors that rely on Schneider Electric\u0026rsquo;s automation solutions. Defenders should review the advisory and implement recommended mitigations to prevent potential disruptions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eGiven the limited details in the source, the following attack chain is based on common PLC DoS attack vectors:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eReconnaissance:\u003c/strong\u003e The attacker identifies a Modicon PLC M241/M251/M262 on the target network, potentially through network scanning or passive reconnaissance.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access:\u003c/strong\u003e The attacker gains unauthorized access to the PLC\u0026rsquo;s network, potentially through exploiting weak credentials, network misconfigurations, or vulnerabilities in related systems.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProtocol Exploitation:\u003c/strong\u003e The attacker leverages a vulnerability in the Modbus or other industrial protocol used by the PLC for communication.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMalicious Command Injection:\u003c/strong\u003e The attacker crafts and sends a series of specially crafted Modbus commands designed to overload the PLC\u0026rsquo;s processing capabilities.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResource Exhaustion:\u003c/strong\u003e The PLC attempts to process the malicious commands, leading to excessive CPU utilization, memory exhaustion, or other resource depletion.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDenial-of-Service:\u003c/strong\u003e The PLC becomes unresponsive and unable to execute its control logic, resulting in a denial-of-service condition. This affects the industrial process relying on the PLC.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProcess Disruption:\u003c/strong\u003e The industrial process controlled by the PLC halts or malfunctions due to the loss of control signals, leading to potential safety hazards, production losses, or equipment damage.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities results in a denial-of-service condition on the affected Schneider Electric Modicon PLCs. This can lead to disruption of industrial processes, potential equipment damage, and safety hazards. The exact impact depends on the specific application and the criticality of the controlled processes. Given the wide adoption of Modicon PLCs across various sectors, a successful attack could impact numerous organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReview Schneider Electric\u0026rsquo;s advisory SEVD-2026-069-01 for detailed vulnerability information and recommended mitigations.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to isolate PLCs and other critical industrial control systems.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious Modbus commands or other anomalous communication patterns related to the Modicon PLCs using the provided Sigma rules.\u003c/li\u003e\n\u003cli\u003eRegularly audit and update PLC firmware to patch known vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-23T19:15:23Z","date_published":"2026-03-23T19:15:23Z","id":"/briefs/2024-05-modicon-dos/","summary":"Team82 disclosed vulnerabilities in Schneider Electric Modicon Controllers M241, M251, and M262 PLC lines, which can allow an attacker to cause a denial-of-service condition and affect controller availability.","title":"Schneider Electric Modicon PLC Denial-of-Service Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-05-modicon-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Plc","version":"https://jsonfeed.org/version/1.1"}