Uncontrolled Resource Consumption in IEC 61131 Programs of Schneider Electric Products
CVE-2018-25112

7.5 HIGH

Key Information:

Vendor
CVE Published: 4 June 2025

What is CVE-2018-25112?

An unauthenticated remote attacker can exploit the uncontrolled resource consumption vulnerability found in IEC 61131 programs in Schneider Electric products. By generating excessive network traffic, the attacker overwhelms the Integrated Logic Controller (ILC), leading to a Denial-of-Service condition. The device becomes unresponsive, which disrupts its functionality and affects overall system operations.

Affected Version(s)

ILC 131 vers:all/*

ILC 151 vers:all/*

ILC 171 vers:all/*

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthias Niedermaier (Hochschule Augsburg)
Jan-Ole Malchow (Freie Universität Berlin)
Florian Fischer (Hochschule Augsburg)