CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Schneider-electric
  • Bmxngd0100
  • Bmxngd0100 Firmware
  • Bmxnoc0401
  • Bmxnoc0401 Firmware
  • Bmxnoe0100
  • Bmxnoe0100 Firmware
  • Bmxnoe0110
  • Bmxnoe0110 Firmware
  • Bmxnor0200h
  • Bmxnor0200h Firmware
  • Modicon M340
  • Modicon M340 Firmware

No data.

No data.

References
Link Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-05.pdf cve-icon cve-icon
History

Mon, 18 Aug 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Schneider-electric
Schneider-electric bmxngd0100
Schneider-electric bmxngd0100 Firmware
Schneider-electric bmxnoc0401
Schneider-electric bmxnoc0401 Firmware
Schneider-electric bmxnoe0100
Schneider-electric bmxnoe0100 Firmware
Schneider-electric bmxnoe0110
Schneider-electric bmxnoe0110 Firmware
Schneider-electric bmxnor0200h
Schneider-electric bmxnor0200h Firmware
Schneider-electric modicon M340
Schneider-electric modicon M340 Firmware
Vendors & Products Schneider-electric
Schneider-electric bmxngd0100
Schneider-electric bmxngd0100 Firmware
Schneider-electric bmxnoc0401
Schneider-electric bmxnoc0401 Firmware
Schneider-electric bmxnoe0100
Schneider-electric bmxnoe0100 Firmware
Schneider-electric bmxnoe0110
Schneider-electric bmxnoe0110 Firmware
Schneider-electric bmxnor0200h
Schneider-electric bmxnor0200h Firmware
Schneider-electric modicon M340
Schneider-electric modicon M340 Firmware

Mon, 18 Aug 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 18 Aug 2025 07:15:00 +0000

Type Values Removed Values Added
Description CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: schneider

Published:

Updated: 2025-08-18T12:22:54.996Z

Reserved: 2025-06-25T10:08:00.547Z

Link: CVE-2025-6625

cve-icon Vulnrichment

Updated: 2025-08-18T12:22:50.488Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-18T07:15:29.763

Modified: 2025-08-18T20:16:28.750

Link: CVE-2025-6625

cve-icon Redhat

No data.