Improper Input Validation in Schneider Electric Devices
CVE-2025-0815

7.1HIGH

Key Information:

Vendor: Schneider Electric
Status: Enerlin’x Ife Interface (lv434001); Enerlin’x Eife (lv851001)
Vendor: CVE Published:; 13 February 2025

Summary

A vulnerability exists in Schneider Electric devices due to improper input validation, which may lead to a Denial-of-Service condition when malicious ICMPV6 packets are transmitted to the device. This flaw could disrupt the normal functioning of the affected products, making them susceptible to targeted attacks that exploit this weakness.

Affected Version(s)

Enerlin’X eIFE (LV851001) All versions

Enerlin’X IFE interface (LV434001) All versions

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Jan 28, 2025