CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-3116: CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special...

7.1 CVSS

Description

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an
authenticated malicious user sends special malformed HTTPS request containing improper formatted body
data to the controller.

Classification

CVE ID: CVE-2025-3116

CVSS Base Severity: HIGH

CVSS Base Score: 7.1

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem Types

CWE-20 Improper Input Validation

Affected Products

Vendor: Schneider Electric

Product: Modicon Controllers M241/M251, Modicon Controllers M258 / LMC058

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 15.14% (scored less or equal to compared to others)

EPSS Date: 2025-06-17 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3116
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-161-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-161-02.pdf

Timeline

2025-06-10 22:40:13 UTC
CVE

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special...