Skip to main content

IoT EUVDEUVD-2018-21599

| CVE-2018-25112 HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2025-06-04 info@cert.vde.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 17:29 euvd
EUVD-2018-21599
Analysis Generated
Mar 14, 2026 - 17:29 vuln.today
CVE Published
Jun 04, 2025 - 10:15 nvd
HIGH 7.5

DescriptionCVE.org

An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device.

AnalysisAI

CVE-2018-25112 is an unauthenticated network-based Denial-of-Service vulnerability affecting IEC 61131-compliant Industrial Logic Controllers (ILCs). An attacker can exhaust device resources by flooding the controller with crafted network traffic, rendering it unresponsive. With a CVSS score of 7.5 (High severity), no authentication required, and network-accessible attack surface, this poses significant risk to industrial control systems; however, exploitation likelihood depends on network exposure and whether patches are available from affected vendors.

Technical ContextAI

The vulnerability exploits uncontrolled resource consumption (CWE-770) in devices implementing IEC 61131-3 industrial automation programming standard. ILC devices process network-based requests to manage industrial processes; the affected products lack proper input validation and rate-limiting mechanisms on network packet handling. When a flood of large or malformed packets arrives, the device's finite memory and CPU resources become exhausted attempting to process each request, causing the device to become unresponsive. The attack vector is Network (AV:N) with Low Complexity (AC:L), meaning no special conditions or tools are required—raw network traffic suffices. The lack of required privileges (PR:N) and user interaction (UI:N) makes this broadly exploitable against any exposed ILC on a network.

RemediationAI

Specific remediation steps: (1) Consult vendor security advisories for firmware/software patches released for CVE-2018-25112; vendors typically released patches in 2019-2020. (2) Apply available patches to affected ILC firmware versions immediately if internet-exposed. (3) Network-based mitigations: implement strict ingress filtering at network boundaries to rate-limit or block malformed traffic destined for ILC devices; deploy intrusion prevention systems (IPS) configured to detect DoS attack patterns. (4) Operational mitigations: segment ILC devices onto dedicated, protected VLANs with restricted access; disable unnecessary network services on ILC devices; implement redundancy/failover mechanisms to maintain availability if primary ILC is impacted. (5) Monitoring: implement NetFlow/SIEM alerting for abnormal traffic patterns toward ILC devices. Vendor patch links and specific versions must be obtained from Siemens, ABB, Beckhoff, and Phoenix Contact security advisories directly.

More in IoT

View all
CVE-2025-45988 CRITICAL POC
9.8 Jun 13

A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.

CVE-2026-29128 CRITICAL POC
10.0 Mar 05

Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available.

CVE-2025-63624 CRITICAL POC
9.8 Feb 03

Kede Electronics IoT smart water meter monitoring platform v1.0 has a SQL injection allowing attackers to compromise the

CVE-2026-25139 CRITICAL POC
9.1 Feb 04

RIOT IoT operating system has an out-of-bounds read vulnerability (CVSS 9.1) that could lead to information disclosure o

CVE-2025-5875 HIGH POC
8.8 Jun 09

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available

CVE-2025-34023 HIGH POC
8.5 Jun 20

CVE-2025-34023 is a path traversal vulnerability in Karel IP1211 IP Phone's web management panel that allows remote auth

CVE-2025-48466 HIGH POC
8.1 Jun 24

CVE-2025-48466 is a security vulnerability (CVSS 8.1). Risk factors: public PoC available.

CVE-2026-27177 HIGH POC
7.2 Feb 18

MajorDoMo's unauthenticated /objects/?op=set endpoint fails to sanitize property values, allowing remote attackers to in

CVE-2025-7503 CRITICAL
10.0 Jul 11

CVE-2025-7503 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affect

CVE-2025-64090 CRITICAL
10.0 Jan 09

Command injection via the hostname field allowing authenticated code execution with maximum CVSS 10.0 and scope change.

CVE-2026-1633 CRITICAL
10.0 Feb 04

Synectix LAN 232 TRIO serial-to-ethernet adapter exposes its web management interface without authentication (CVSS 10.0)

CVE-2025-40805 CRITICAL
10.0 Jan 13

An API authentication bypass allows unauthenticated attackers to impersonate legitimate users. Maximum CVSS 10.0 with sc

Share

EUVD-2018-21599 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy