CVE-2025-6625
HIGHSchneider Electric Modicon M340 - Denial of Service via Crafted FTP Command
Title source: llmDescription
CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.
References (1)
Core 1
Scores
CVSS v3
7.5
EPSS
0.0046
EPSS Percentile
36.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (6)
Schneider Electric/BMXNGD0100: M580 Global Data module
All versions
Schneider Electric/BMXNOC0401: Modicon M340 X80 Ethernet Communication modules
All versions
Schneider Electric/BMXNOE0100: Modbus/TCP Ethernet Modicon M340 module
Versions prior to 3.60
Schneider Electric/BMXNOE0110: Modbus/TCP Ethernet Modicon M340 FactoryCast module
Versions prior to 6.80
Schneider ELectric/BMXNOR0200H: Ethernet / Serial RTU Module
All versions
Schneider Electric/Modicon M340
All versions
Published
Aug 18, 2025
Tracked Since
Feb 18, 2026