CVE-2025-3756: CWE-1284 Improper validation of specified quantity in input in ABB AC800M (System 800xA)
A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnera bility by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation. The System 800xA IEC61850 Connect is not affected. Note: This vulnerability does not impact on the overall availability and functionality of the S+ Operations node, only the 61850 communication function. This issue affects AC800M (System 800xA): from 6.0.0x through 6.0.0303.0, from 6.1.0x through 6.1.0031.0, from 6.1.1x through 6.1.1004.0, from 6.1.1x through 6.1.1202.0, from 6.2.0x through 6.2.0006.0; Symphony Plus SD Series: A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005; Symphony Plus MR (Melody Rack): from 3.10 through 3.52; S+ Operations: 2.1, 2.2, 2.3, 3.3.
AI Analysis
Technical Summary
This vulnerability involves improper validation of specified quantity in input (CWE-1284) within the IEC 61850 communication stack used by ABB AC800M (System 800xA) and related products. An attacker with network access can exploit this by sending crafted IEC 61850 packets that force PM 877, CI850, and CI868 modules into fault mode or cause unavailability of S+ Operations 61850 connectivity, leading to denial of service. The issue affects multiple product versions as listed, but the System 800xA IEC61850 Connect component is not affected. The vulnerability has a CVSS 4.0 base score of 7.1, indicating high severity, with attack vector being adjacent network and no privileges or user interaction required.
Potential Impact
Successful exploitation results in denial of service of the IEC 61850 communication interfaces on affected modules, disrupting 61850 connectivity. This does not affect the overall availability or functionality of the S+ Operations node beyond the communication function. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed—check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation is documented, organizations should restrict access to IEC 61850 networks to trusted entities only and monitor for unusual communication patterns targeting the affected modules. No vendor advisory indicating 'no action required' or existing mitigation is provided.
CVE-2025-3756: CWE-1284 Improper validation of specified quantity in input in ABB AC800M (System 800xA)
Description
A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnera bility by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation. The System 800xA IEC61850 Connect is not affected. Note: This vulnerability does not impact on the overall availability and functionality of the S+ Operations node, only the 61850 communication function. This issue affects AC800M (System 800xA): from 6.0.0x through 6.0.0303.0, from 6.1.0x through 6.1.0031.0, from 6.1.1x through 6.1.1004.0, from 6.1.1x through 6.1.1202.0, from 6.2.0x through 6.2.0006.0; Symphony Plus SD Series: A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005; Symphony Plus MR (Melody Rack): from 3.10 through 3.52; S+ Operations: 2.1, 2.2, 2.3, 3.3.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves improper validation of specified quantity in input (CWE-1284) within the IEC 61850 communication stack used by ABB AC800M (System 800xA) and related products. An attacker with network access can exploit this by sending crafted IEC 61850 packets that force PM 877, CI850, and CI868 modules into fault mode or cause unavailability of S+ Operations 61850 connectivity, leading to denial of service. The issue affects multiple product versions as listed, but the System 800xA IEC61850 Connect component is not affected. The vulnerability has a CVSS 4.0 base score of 7.1, indicating high severity, with attack vector being adjacent network and no privileges or user interaction required.
Potential Impact
Successful exploitation results in denial of service of the IEC 61850 communication interfaces on affected modules, disrupting 61850 connectivity. This does not affect the overall availability or functionality of the S+ Operations node beyond the communication function. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed—check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation is documented, organizations should restrict access to IEC 61850 networks to trusted entities only and monitor for unusual communication patterns targeting the affected modules. No vendor advisory indicating 'no action required' or existing mitigation is provided.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- ABB
- Date Reserved
- 2025-04-17T10:42:33.414Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69dd369e82d89c981f37511a
Added to database: 4/13/2026, 6:31:58 PM
Last enriched: 4/13/2026, 6:46:56 PM
Last updated: 4/15/2026, 4:34:39 PM
Views: 25
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.