PatchSiren cyber security CVE debrief
CVE-2025-0814 Schneider Electric CVE debrief
CVE-2025-0814 is a medium-severity improper input validation issue in Schneider Electric Enerlin'X IFE and eIFE devices. According to the advisory, malicious IEC61850-MMS packets can trigger a denial-of-service condition in the product’s network services. The breaker’s core functionality remains intact during the attack, but communications and management services may be disrupted until the device is recovered or updated.
- Vendor
- Schneider Electric
- Product
- Enerlin'X IFE interface
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-11
- Original CVE updated
- 2025-02-11
- Advisory published
- 2025-02-11
- Advisory updated
- 2025-02-11
Who should care
OT operators, substations and industrial-network administrators, and asset owners using Schneider Electric Enerlin'X IFE or eIFE devices—especially where the devices are reachable from broader networks or where IEC61850-MMS traffic is permitted.
Technical summary
The supplied CSAF advisory states that versions 004.009.000 and prior of Enerlin'X IFE interface and Enerlin'X eIFE are affected. The flaw is classified as CWE-20 (Improper Input Validation). A remote attacker can send crafted IEC61850-MMS packets to cause denial of service of the product’s network services. No impact to the breaker’s core functionality is described in the source.
Defensive priority
Medium priority; patch promptly in exposed or operationally critical OT environments, and apply network containment immediately if remediation cannot be completed right away.
Recommended defensive actions
- Upgrade Enerlin'X IFE and eIFE to version 004.010.000 using the latest EcoStruxure Power Commission tool referenced by Schneider Electric.
- Restrict device exposure to protected OT networks; do not allow access from the public internet or untrusted networks.
- Segment the network and apply firewall rules to block unauthorized access to product-supported ports as described in the user guide.
- Configure the Access Control List according to Schneider Electric’s cybersecurity guide and user guide.
- Subscribe to Schneider Electric security notifications to receive updates on affected products and remediation guidance.
Evidence notes
CISA CSAF advisory ICSA-25-079-02 and Schneider Electric’s Security and Safety Notice SEVD-2025-042-04 both identify CVE-2025-0814. The source states that Enerlin'X IFE interface version 004.009.000 and prior, and Enerlin'X eIFE v004.009.000 and prior, are affected. It also states that version 004.010.000 includes a fix. The advisory describes a denial-of-service impact against network services via malicious IEC61850-MMS packets, while noting the breaker’s core functionality remains intact. No KEV entry was supplied.
Official resources
-
CVE-2025-0814 CVE record
CVE.org
-
CVE-2025-0814 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the CISA CSAF advisory ICSA-25-079-02 on 2025-02-11 (original release 1.0.0).