8.7

CVE-2025-6625

CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific
crafted FTP command is sent to the device.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorSchneider Electric
Product Modicon M340
Default Statusunaffected
Version All versions
Status affected
VendorSchneider ELectric
Product BMXNOR0200H: Ethernet / Serial RTU Module
Default Statusunaffected
Version All versions
Status affected
VendorSchneider Electric
Product BMXNGD0100: M580 Global Data module
Default Statusunaffected
Version All versions
Status affected
VendorSchneider Electric
Product BMXNOC0401: Modicon M340 X80 Ethernet Communication modules
Default Statusunaffected
Version All versions
Status affected
VendorSchneider Electric
Product BMXNOE0100: Modbus/TCP Ethernet Modicon M340 module
Default Statusunaffected
Version Versions prior to 3.60
Status affected
VendorSchneider Electric
Product BMXNOE0110: Modbus/TCP Ethernet Modicon M340 FactoryCast module
Default Statusunaffected
Version Versions prior to 6.80
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.178
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
cybersecurity@se.com 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cybersecurity@se.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.