8.7

CVE-2025-6625

CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific
crafted FTP command is sent to the device.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSchneider Electric
Produkt Modicon M340
Default Statusunaffected
Version All versions
Status affected
HerstellerSchneider ELectric
Produkt BMXNOR0200H: Ethernet / Serial RTU Module
Default Statusunaffected
Version All versions
Status affected
HerstellerSchneider Electric
Produkt BMXNGD0100: M580 Global Data module
Default Statusunaffected
Version All versions
Status affected
HerstellerSchneider Electric
Produkt BMXNOC0401: Modicon M340 X80 Ethernet Communication modules
Default Statusunaffected
Version All versions
Status affected
HerstellerSchneider Electric
Produkt BMXNOE0100: Modbus/TCP Ethernet Modicon M340 module
Default Statusunaffected
Version Versions prior to 3.60
Status affected
HerstellerSchneider Electric
Produkt BMXNOE0110: Modbus/TCP Ethernet Modicon M340 FactoryCast module
Default Statusunaffected
Version Versions prior to 6.80
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.296
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cybersecurity@se.com 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cybersecurity@se.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.