Resource Allocation Vulnerability in Schneider Electric Webserver
CVE-2025-1059

8.7HIGH

Key Information:

Vendor: Schneider Electric
Status: Asco 5310 Single-channel Remote Annunciator; Asco 5350 Eight Channel Remote Annunciator
Vendor: CVE Published:; 13 February 2025

Summary

A resource allocation vulnerability exists in Schneider Electric Webserver that allows for the potential disruption of communications. This issue arises when malicious packets are sent, which can overwhelm the server and cause it to become unresponsive. Implementing proper resource limits and throttling mechanisms is essential to mitigate this risk and ensure continued device functionality.

Affected Version(s)

ASCO 5310 Single-Channel Remote Annunciator All versions

ASCO 5350 Eight Channel Remote Annunciator All versions

References

https://download.schneider-electric.com/files?p_Doc_Ref=s...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Feb 5, 2025