Improper Input Validation Vulnerability in Schneider Electric's Product
CVE-2025-3116

7.1HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon Controllers M241/m251; Modicon Controllers M258 / Lmc058
Vendor: CVE Published:; 10 June 2025

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2025-3116?

An improper input validation vulnerability exists in Schneider Electric's product, which could allow authenticated malicious users to trigger a Denial of Service condition. This vulnerability arises when users send specially crafted malformed HTTPS requests with improperly formatted body data to the controller, potentially disrupting service availability.

Affected Version(s)

Modicon Controllers M241/M251 Versions prior to 5.3.12.51

Modicon Controllers M258 / LMC058 All Versions

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Apr 2, 2025