Primary

Context

Schneider Electric Products Denial-of-Service Vulnerability via Malicious IEC61850-MMS Packets

Vulnerability

A denial-of-service vulnerability has been identified in certain Schneider Electric products, caused by improper input validation. When malicious IEC61850-MMS packets are sent to the device, network services can be disrupted, leading to a denial-of-service condition. However, the core functionality of the device remains unaffected during the attack.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing disruption of network services on the affected device.

Remediation

Users are advised to consult the Security and Safety Notice SEVD-2025-042-04 for guidance on addressing this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Schneider Electric Products Denial-of-Service Vulnerability via Malicious IEC61850-MMS Packets

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating