CVE-2025-6625

Summary

CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricModicon M340All versionsaffected
Schneider ELectricBMXNOR0200H: Ethernet / Serial RTU ModuleAll versionsaffected
Schneider ElectricBMXNGD0100: M580 Global Data moduleAll versionsaffected
Schneider ElectricBMXNOC0401: Modicon M340 X80 Ethernet Communication modulesAll versionsaffected
Schneider ElectricBMXNOE0100: Modbus/TCP Ethernet Modicon M340 moduleVersions prior to 3.60affected
Schneider ElectricBMXNOE0110: Modbus/TCP Ethernet Modicon M340 FactoryCast moduleVersions prior to 6.80affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References