PatchSiren cyber security CVE debrief

CVE-2025-3112 Schneider Electric CVE debrief

CVE-2025-3112 is a CWE-400 uncontrolled resource consumption issue in Schneider Electric Modicon Controllers M241 and M251. According to the CISA CSAF advisory, an authenticated malicious user can send a manipulated HTTPS Content-Length header to the webserver and cause denial of service. The advisory lists affected versions prior to 5.3.12.51 and notes that remediation is available.

Vendor: Schneider Electric
Product: Modicon Controllers M241
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-10
Original CVE updated: 2025-07-08
Advisory published: 2025-06-10
Advisory updated: 2025-07-08

Who should care

Industrial control system operators, Schneider Electric Modicon M241/M251 administrators, and OT security teams responsible for devices where the controller webserver is enabled or reachable. Organizations using EcoStruxure Machine Expert or EcoStruxure Automation Expert - Motion for firmware updates should also review the remediation path.

Technical summary

CVE-2025-3112 affects Schneider Electric Modicon Controllers M241 and M251 versions prior to 5.3.12.51. The issue is classified as CWE-400 (Uncontrolled Resource Consumption). The advisory states that an authenticated attacker with low privileges can manipulate the HTTPS Content-Length header sent to the webserver and trigger a denial of service. CISA lists the CVSS v3.1 vector as AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5 medium).
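As an added illustration (not code from the advisory, from PatchSiren, or from Schneider Electric's firmware), the Python below shows the kind of Content-Length validation a webserver, or an inline reverse proxy placed in front of a controller, should apply before committing memory or a worker to a request body. The size limits and the sample requests are assumptions constructed for the example.

```python
# Added example: validate an HTTP/1.1 Content-Length header before any body
# buffer is allocated, so a hostile value cannot drive resource exhaustion
# (CWE-400). Limits below are assumed, not taken from the advisory.
from typing import List, Tuple

MAX_BODY_BYTES = 64 * 1024      # assumed ceiling for a controller web API body
MAX_HEADER_BLOCK = 8 * 1024     # assumed ceiling for the header section


def validate_request(raw: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason) for one complete, buffered HTTP/1.1 request.

    A streaming server would apply the same checks but cap its reads at the
    declared length instead of comparing against a fully received body.
    Chunked transfer encoding is out of scope for this example.
    """
    if b"\r\n\r\n" not in raw:
        return False, "incomplete-headers"
    head, body = raw.split(b"\r\n\r\n", 1)
    if len(head) > MAX_HEADER_BLOCK:
        return False, "header-block-too-large"
    values: List[bytes] = []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            values.append(value.strip())
    if not values:
        return (True, "ok") if not body else (False, "unframed-body")
    if len(set(values)) > 1:                      # ambiguous framing
        return False, "conflicting-content-length"
    value = values[0]
    if not value.isdigit():                       # rejects "", "-1", "1e9", "0x10"
        return False, "non-numeric-content-length"
    declared = int(value)
    if declared > MAX_BODY_BYTES:                 # refuse before allocating
        return False, "content-length-exceeds-limit"
    if len(body) != declared:
        return False, "content-length-mismatch"
    return True, "ok"


# Constructed sample requests (not captured from a real controller).
GOOD = b"POST /api HTTP/1.1\r\nHost: plc\r\nContent-Length: 5\r\n\r\nhello"
HUGE = b"POST /api HTTP/1.1\r\nHost: plc\r\nContent-Length: 4294967295\r\n\r\n"
BAD = b"POST /api HTTP/1.1\r\nHost: plc\r\nContent-Length: 1e9\r\n\r\n"
DUP = b"POST /api HTTP/1.1\r\nHost: plc\r\nContent-Length: 5\r\nContent-Length: 6\r\n\r\nhello"
SHORT = b"POST /api HTTP/1.1\r\nHost: plc\r\nContent-Length: 50\r\n\r\nhello"

if __name__ == "__main__":
    for label, req in [("good", GOOD), ("huge", HUGE), ("bad", BAD), ("dup", DUP), ("short", SHORT)]:
        print(label, validate_request(req))
```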

Defensive priority

Medium; prioritize remediation for any M241/M251 deployment where the webserver is enabled or exposed to broader network access.

Recommended defensive actions

  • Update Modicon Controllers M241 to version 5.3.12.51 and reboot after applying the fix using EcoStruxure Automation Expert - Motion v24.1 or EcoStruxure Machine Expert v2.3 as directed by the vendor advisory.
  • Update Modicon Controllers M251 to version 5.3.12.51 and reboot after applying the fix using EcoStruxure Automation Expert - Motion v24.1 or EcoStruxure Machine Expert v2.3 as directed by the vendor advisory.
  • If you cannot remediate immediately, deactivate the webserver when it is not needed.
  • Restrict access to the controllers by using protected environments, network segmentation, and firewall rules that block unauthorized access to ports 80/HTTP and 443/HTTPS.
  • Use VPN tunnels for remote access, keep user management enabled, and use strong passwords.
  • Use encrypted communication links and follow Schneider Electric's product-specific hardening guidance for Modicon and associated equipment.

Evidence notes

Primary evidence comes from CISA CSAF advisory ICSA-25-175-03 (published 2025-06-10, revised 2025-07-08). The advisory identifies Schneider Electric Modicon Controllers M241 and M251 as affected products, with versions prior to 5.3.12.51 impacted, and states that remediation is available in 5.3.12.51. The provided description and CVSS vector indicate a network-reachable denial-of-service condition requiring low-privilege authentication, caused by manipulated HTTPS Content-Length handling in the webserver. The revision history shows the July update added remediation availability via EcoStruxure Machine Expert v2.3 for updating M241/M251 firmware.

Official resources

CVE-2025-3112 was published in the CISA CSAF advisory ICSA-25-175-03 on 2025-06-10 and updated on 2025-07-08 when remediation availability was added for updating M241/M251 firmware.