Sign-up

ID

VAR-202506-0445


CVE

CVE-2025-3898


TITLE

Schneider Electric Modicon Controllers Input Validation Error Vulnerability (CNVD-2025-15352)

Trust: 0.6

sources: CNVD: CNVD-2025-15352

DESCRIPTION

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver. Schneider Electric Modicon Controllers is a series of Modicon series programmable logic controllers from Schneider Electric of France. Schneider Electric Modicon Controllers has an input validation error vulnerability. The vulnerability is caused by improper input validation. Attackers can exploit this vulnerability to cause a denial of service

Trust: 1.44

sources: NVD: CVE-2025-3898 // CNVD: CNVD-2025-15352

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15352

AFFECTED PRODUCTS

vendor:schneidermodel:electric modicon controllersm241/m251scope:ltversion:5.3.12.51

Trust: 0.6

vendor:schneidermodel:electric modicon controllers m262scope:ltversion:5.3.9.18

Trust: 0.6

sources: CNVD: CNVD-2025-15352

CVSS

SEVERITY

CVSSV2

CVSSV3

cybersecurity@se.com: CVE-2025-3898
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-15352
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-15352
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cybersecurity@se.com: CVE-2025-3898
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-15352 // NVD: CVE-2025-3898

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2025-3898

PATCH

title:Patch for Schneider Electric Modicon Controllers Input Validation Error Vulnerability (CNVD-2025-15352)url:https://www.cnvd.org.cn/patchInfo/show/706341

Trust: 0.6

sources: CNVD: CNVD-2025-15352

EXTERNAL IDS

db:SCHNEIDERid:SEVD-2025-161-02

Trust: 1.6

db:NVDid:CVE-2025-3898

Trust: 1.6

db:CNVDid:CNVD-2025-15352

Trust: 0.6

sources: CNVD: CNVD-2025-15352 // NVD: CVE-2025-3898

REFERENCES

url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-02&p_endoctype=security+and+safety+notice&p_file_name=sevd-2025-161-02.pdf

Trust: 1.6

sources: CNVD: CNVD-2025-15352 // NVD: CVE-2025-3898

SOURCES

db:CNVDid:CNVD-2025-15352
db:NVDid:CVE-2025-3898

LAST UPDATE DATE

2025-07-10T22:48:27.845000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-15352date:2025-07-09T00:00:00
db:NVDid:CVE-2025-3898date:2025-06-12T16:06:39.330

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-15352date:2025-07-09T00:00:00
db:NVDid:CVE-2025-3898date:2025-06-10T09:15:24.137