ID

VAR-202506-0440


CVE

CVE-2025-3116


TITLE

Schneider Electric Modicon Controllers Input Validation Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-15349

DESCRIPTION

A CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends a specially malformed HTTPS request containing improperly formatted body data to the controller. Schneider Electric Modicon Controllers are a series of programmable logic controllers from Schneider Electric of France. They contain an input validation error vulnerability caused by improper input validation. Attackers can exploit this vulnerability to cause a denial of service.

Trust: 1.44

sources: NVD: CVE-2025-3116 // CNVD: CNVD-2025-15349

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15349

AFFECTED PRODUCTS

vendor: schneider, model: electric modicon controllers m241/m251, scope: lt, version: 5.3.12.51

Trust: 0.6

vendor: schneider, model: electric modicon controllers m258 /lmc058, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-15349

CVSS

SEVERITY

cybersecurity@se.com: CVE-2025-3116
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-15349
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-15349
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cybersecurity@se.com: CVE-2025-3116
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-15349 // NVD: CVE-2025-3116

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2025-3116

PATCH

title: Patch for Schneider Electric Modicon Controllers Input Validation Error Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/706311

Trust: 0.6

sources: CNVD: CNVD-2025-15349

EXTERNAL IDS

db: SCHNEIDER, id: SEVD-2025-161-02

Trust: 1.6

db: NVD, id: CVE-2025-3116

Trust: 1.6

db: CNVD, id: CNVD-2025-15349

Trust: 0.6

sources: CNVD: CNVD-2025-15349 // NVD: CVE-2025-3116

REFERENCES

url: https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-02&p_endoctype=security+and+safety+notice&p_file_name=sevd-2025-161-02.pdf

Trust: 1.6

sources: CNVD: CNVD-2025-15349 // NVD: CVE-2025-3116

SOURCES

db: CNVD, id: CNVD-2025-15349
db: NVD, id: CVE-2025-3116

LAST UPDATE DATE

2025-07-10T22:48:27.813000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-15349, date: 2025-07-09T00:00:00
db: NVD, id: CVE-2025-3116, date: 2025-06-12T16:06:39.330

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-15349, date: 2025-07-09T00:00:00
db: NVD, id: CVE-2025-3116, date: 2025-06-10T09:15:23.657