CVE-2025-3116

Summary

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricModicon Controllers M241/M251Versions prior to 5.3.12.51affected
Schneider ElectricModicon Controllers M258 / LMC058All Versionsaffected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References