CVE-2025-3756

EPSS 0.04%
Veröffentlicht 13.04.2026 17:11:08
Zuletzt bearbeitet 17.04.2026 15:18:16
Quelle cybersecurity@ch.abb.com
CVE-Watchlists
Login
Unerledigt
Login

Denial of Service Vulnerabilities in System 800xA, Symphony® Plus IEC 61850

A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnera bility by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation. 




The System 800xA IEC61850 Connect is not affected. Note: This vulnerability does not impact on the overall availability and functionality of the S+ Operations node, only the 61850 communication function.

   



This issue affects AC800M (System 800xA): from 6.0.0x through 6.0.0303.0, from 6.1.0x through 6.1.0031.0, from 6.1.1x through 6.1.1004.0, from 6.1.1x through 6.1.1202.0, from 6.2.0x through 6.2.0006.0; Symphony Plus SD Series: A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005; Symphony Plus MR (Melody Rack): from 3.10 through 3.52; S+ Operations: 2.1, 2.2, 2.3, 3.3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

CNA 4 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerABB

≫

Produkt AC800M (System 800xA)

Default Statusunaffected

Version <= 6.0.0303.0

Version 6.0.0x

Status affected

Version <= 6.1.0031.0

Version 6.1.0x

Status affected

Version <= 6.1.1004.0

Version 6.1.1x

Status affected

Version <= 6.1.1202.0

Version 6.1.1x

Status affected

Version <= 6.2.0006.0

Version 6.2.0x

Status affected

HerstellerABB

≫

Produkt Symphony Plus SD Series

Default Statusunaffected

Version A_0

Status affected

Version A_1

Status affected

Version A_2.003

Status affected

Version A_3.005

Status affected

Version A_4.001

Status affected

Version B_0.005

Status affected

HerstellerABB

≫

Produkt Symphony Plus MR (Melody Rack)

Default Statusunaffected

Version <= 3.52

Version 3.10

Status affected

HerstellerABB

≫

Produkt S+ Operations

Default Statusunaffected

Version 2.1

Status affected

Version 2.2

Status affected

Version 2.3

Status affected

Version 3.3

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.116

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cybersecurity@ch.abb.com	7.1	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cybersecurity@ch.abb.com	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://search.abb.com/library/Download.aspx?DocumentID=7PAA020125&LanguageCode=en&DocumentPartId=&Action=Launch

https://nvd.nist.gov/vuln/detail/CVE-2025-3756

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-3756

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-3756

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-3756