Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device.
AnalysisAI
CVE-2018-25112 is an unauthenticated network-based Denial-of-Service vulnerability affecting IEC 61131-compliant Industrial Logic Controllers (ILCs). An attacker can exhaust device resources by flooding the controller with crafted network traffic, rendering it unresponsive. With a CVSS score of 7.5 (High severity), no authentication required, and network-accessible attack surface, this poses significant risk to industrial control systems; however, exploitation likelihood depends on network exposure and whether patches are available from affected vendors.
Technical ContextAI
The vulnerability exploits uncontrolled resource consumption (CWE-770) in devices implementing IEC 61131-3 industrial automation programming standard. ILC devices process network-based requests to manage industrial processes; the affected products lack proper input validation and rate-limiting mechanisms on network packet handling. When a flood of large or malformed packets arrives, the device's finite memory and CPU resources become exhausted attempting to process each request, causing the device to become unresponsive. The attack vector is Network (AV:N) with Low Complexity (AC:L), meaning no special conditions or tools are required—raw network traffic suffices. The lack of required privileges (PR:N) and user interaction (UI:N) makes this broadly exploitable against any exposed ILC on a network.
RemediationAI
Specific remediation steps: (1) Consult vendor security advisories for firmware/software patches released for CVE-2018-25112; vendors typically released patches in 2019-2020. (2) Apply available patches to affected ILC firmware versions immediately if internet-exposed. (3) Network-based mitigations: implement strict ingress filtering at network boundaries to rate-limit or block malformed traffic destined for ILC devices; deploy intrusion prevention systems (IPS) configured to detect DoS attack patterns. (4) Operational mitigations: segment ILC devices onto dedicated, protected VLANs with restricted access; disable unnecessary network services on ILC devices; implement redundancy/failover mechanisms to maintain availability if primary ILC is impacted. (5) Monitoring: implement NetFlow/SIEM alerting for abnormal traffic patterns toward ILC devices. Vendor patch links and specific versions must be obtained from Siemens, ABB, Beckhoff, and Phoenix Contact security advisories directly.
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available.
Kede Electronics IoT smart water meter monitoring platform v1.0 has a SQL injection allowing attackers to compromise the
RIOT IoT operating system has an out-of-bounds read vulnerability (CVSS 9.1) that could lead to information disclosure o
A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available
CVE-2025-34023 is a path traversal vulnerability in Karel IP1211 IP Phone's web management panel that allows remote auth
CVE-2025-48466 is a security vulnerability (CVSS 8.1). Risk factors: public PoC available.
MajorDoMo's unauthenticated /objects/?op=set endpoint fails to sanitize property values, allowing remote attackers to in
CVE-2025-7503 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affect
Command injection via the hostname field allowing authenticated code execution with maximum CVSS 10.0 and scope change.
Synectix LAN 232 TRIO serial-to-ethernet adapter exposes its web management interface without authentication (CVSS 10.0)
An API authentication bypass allows unauthenticated attackers to impersonate legitimate users. Maximum CVSS 10.0 with sc
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2018-21599