CVE-2025-8449

Summary

CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network.

Affected Software

VendorProductVersion RangeStatus
Schnieder ElectricEcoStruxure Building Operation Enterprise ServerAll 7.x versions < 7.0.2.348affected
Schnieder ElectricEcoStruxure Building Operation Enterprise ServerAll 6.x versions < 6.0.4.10001 (CP8)unaffected
Schnieder ElectricEcoStruxure Building Operation Enterprise ServerAll 5.x versions < 5.0.3.17009 (CP16)affected
Schneider ElectricEcoStruxure Enterprise ServerAll 7.x versions < 7.0.2.348unaffected
Schneider ElectricEcoStruxure Enterprise ServerAll 6.x versions < 6.0.4.10001 (CP8)affected
Schneider ElectricEcoStruxure Enterprise ServerAll 5.x versions < 5.0.3.17009 (CP16)affected
Schneider EelctricEcoStruxure Building Operation WorkstationAll 7.x versions < 7.0.2.348affected
Schneider EelctricEcoStruxure Building Operation WorkstationAll 6.x versions < 6.0.4.10001 (CP8)affected
Schneider EelctricEcoStruxure Building Operation WorkstationAll 5.x versions < 5.0.3.17009 (CP16)affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References