Improper Input Validation in Schneider Electric Network Devices
CVE-2025-0814

6.9MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Enerlin’x Ife Interface (lv434001); Enerlin’x Eife (lv851001)
Vendor: CVE Published:; 13 February 2025

Summary

An improper input validation vulnerability exists in certain Schneider Electric network devices, allowing attackers to send malicious IEC61850-MMS packets. When exploited, this vulnerability could lead to a Denial-of-Service condition, disrupting network services on affected devices. It is important to note that while the network services may be impacted, the core functionality of the device remains operational during such attacks, posing a risk of service disruption without complete device failure.

Affected Version(s)

Enerlin’X eIFE (LV851001) All versions

Enerlin’X IFE interface (LV434001) All versions

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Jan 28, 2025