Relion CVE-2025-2403

EUVD-2025-19005 HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2025-06-24 [email protected]
CVSS 3.1: 7.5

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 15, 2026 - 22:36 (euvd), EUVD-2025-19005
Analysis Generated: Mar 15, 2026 - 22:36 (vuln.today)
CVE Published: Jun 24, 2025 - 12:15 (nvd), HIGH 7.5

Description (NVD)

A denial-of-service vulnerability due to improper prioritization of network traffic over protection mechanism exists in Relion 670/650 and SAM600-IO series devices that, if exploited, could potentially cause critical functions like LDCM (Line Distance Communication Module) to malfunction.

Analysis (AI)

CVE-2025-2403 is a network-based denial-of-service vulnerability affecting ABB Relion 670/650 and SAM600-IO series devices, caused by improper prioritization of network traffic over protection mechanisms. An unauthenticated attacker can remotely trigger it and cause critical functions such as the Line Distance Communication Module (LDCM) to malfunction, potentially disrupting service in power distribution systems. With a CVSS score of 7.5 and a network-accessible attack vector, this represents a significant threat to industrial control systems, particularly in electrical grid infrastructure.

Technical Context (AI)

The vulnerability stems from CWE-770 (Allocation of Resources Without Limits or Throttling), a resource management flaw where the device fails to implement proper traffic prioritization or rate limiting mechanisms. In the Relion 670/650 and SAM600-IO series (ABB's protective relay and I/O devices used in power system protection schemes), network packets are processed without appropriate queuing discipline or protection against traffic flooding. The LDCM (Line Distance Communication Module) relies on timely message delivery and proper resource allocation; improper prioritization allows denial-of-service conditions in which legitimate protection communications are starved of resources, preventing proper operation of distance protection schemes critical to grid stability. The vulnerability is remotely exploitable (AV:N) with low attack complexity (AC:L) and requires no privileges (PR:N) or user interaction (UI:N), so any attacker with network reachability to the device can trigger it.

Remediation (AI)

Immediate actions:
(1) Restrict network access to Relion 670/650 and SAM600-IO devices: implement network segmentation to limit connectivity to authorized protection scheme networks only.
(2) Deploy network-level rate limiting and DDoS mitigation on protection network switches if devices cannot be immediately patched.
(3) Monitor for abnormal traffic patterns directed at these devices.

Patch-based remediation:
(1) Apply ABB security patches when released; contact ABB for patched firmware versions.
(2) Coordinate patching with grid operations to minimize disruption (protection relays often require coordinated maintenance windows).

Workarounds pending patches:
(1) Implement access control lists (ACLs) restricting traffic to these devices to only authorized IED communicating partners.
(2) Deploy network intrusion detection/prevention systems tuned to detect resource exhaustion patterns.
(3) Enable device-level logging and alerting for traffic anomalies.

Escalate to grid operations and CISA; consult ABB security bulletins and relevant ICS-CERT advisories for region-specific guidance.
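The partner allowlist and traffic-monitoring items above can be prototyped over flow records before they are committed to switch ACLs or IDS rules. The following is an added example, not ABB or vuln.today code; the addresses, one-second window, packet-rate ceiling and flow-record layout are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed values, not taken from the advisory: relay address -> authorized
# IED partners, plus a sliding window and packet-rate ceiling from a baseline.
RELAY_PEERS = {"10.20.0.11": {"10.20.0.12", "10.20.0.50"}}
WINDOW_S = 1.0
MAX_PPS = 200

def analyze(flows):
    """flows: time-ordered (timestamp_s, src_ip, dst_ip, packets) tuples.
    Returns alerts as (timestamp, kind, relay_ip, detail)."""
    alerts = []
    windows = defaultdict(deque)   # relay -> (timestamp, packets) in window
    totals = defaultdict(int)      # relay -> packets currently in window
    flooding = set()               # relays already alerted for this burst
    seen_unauth = set()            # (src, relay) pairs already reported
    for ts, src, dst, pkts in flows:
        if dst not in RELAY_PEERS:
            continue
        # ACL check: traffic from anything but an authorized partner.
        if src not in RELAY_PEERS[dst] and (src, dst) not in seen_unauth:
            seen_unauth.add((src, dst))
            alerts.append((ts, "UNAUTHORIZED_SOURCE", dst, src))
        # Rate check: total packets toward the relay in the last WINDOW_S.
        win = windows[dst]
        win.append((ts, pkts))
        totals[dst] += pkts
        while win and win[0][0] <= ts - WINDOW_S:
            totals[dst] -= win.popleft()[1]
        rate = totals[dst] / WINDOW_S
        if rate > MAX_PPS and dst not in flooding:
            flooding.add(dst)      # alert once per burst, not per record
            alerts.append((ts, "RATE_EXCEEDED", dst, int(rate)))
        elif rate <= MAX_PPS:
            flooding.discard(dst)  # burst over; re-arm the alert
    return alerts

# Constructed sample: normal partner traffic, then a burst from an unknown host.
SAMPLE = [
    (0.0, "10.20.0.12", "10.20.0.11", 40),
    (0.5, "10.20.0.12", "10.20.0.11", 40),
    (1.2, "10.20.0.99", "10.20.0.11", 150),
    (1.4, "10.20.0.99", "10.20.0.11", 150),
    (3.0, "10.20.0.12", "10.20.0.11", 40),
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```

The rate check counts all traffic toward the relay, so a flood from an authorized partner address is still flagged even though it passes the allowlist.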
