← volver
CVE-2025-6625

CVE-2025-6625

CVSS 8.7 HIGHEPSS 0.5%CWE-20
CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Productos afectados
Schneider Electric · BMXNGD0100: M580 Global Data moduleSchneider Electric · BMXNOC0401: Modicon M340 X80 Ethernet Communication modulesSchneider Electric · BMXNOE0100: Modbus/TCP Ethernet Modicon M340 moduleSchneider Electric · BMXNOE0110: Modbus/TCP Ethernet Modicon M340 FactoryCast moduleSchneider Electric · Modicon M340Schneider ELectric · BMXNOR0200H: Ethernet / Serial RTU Module

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-05.pdf