1. EXECUTIVE SUMMARY
- CVSS v4 7.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Schneider Electric
- Equipment: Enerlin’X IFE interface and Enerlin’X eIFE
- Vulnerabilities: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition that would require a manual reboot of the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Enerlin’X IFE interface and Enerlin’X eIFE are affected:
- Enerlin’X IFE interface: All versions
- Enerlin’X eIFE: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER INPUT VALIDATION CWE-20
An improper input validation vulnerability exists that could cause a denial of service of the product when malicious IPv6 packets are sent to the device.
CVE-2025-0816 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
A CVSS v4 score has also been calculated for CVE-2025-0816. A base score of 7.1 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).
3.2.2 IMPROPER INPUT VALIDATION CWE-20
An improper input validation vulnerability exists that could cause denial
[…]