CVE-2025-3756

April 13, 2026, 6:16 p.m.

7.1
High

Description

A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnera bility by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation.  The System 800xA IEC61850 Connect is not affected. Note: This vulnerability does not impact on the overall availability and functionality of the S+ Operations node, only the 61850 communication function.     This issue affects AC800M (System 800xA): from 6.0.0x through 6.0.0303.0, from 6.1.0x through 6.1.0031.0, from 6.1.1x through 6.1.1004.0, from 6.1.1x through 6.1.1202.0, from 6.2.0x through 6.2.0006.0; Symphony Plus SD Series: A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005; Symphony Plus MR (Melody Rack): from 3.10 through 3.52; S+ Operations: 2.1, 2.2, 2.3, 3.3.

Product(s) Impacted

Vendor Product Versions
Abb
  • Ac800m
  • Symphony Plus Sd Series
  • Symphony Plus Mr
  • Splus Operations
  • 6.0.0-6.0.0303, 6.1.0-6.1.0031, 6.1.1-6.1.1004, 6.1.1-6.1.1202, 6.2.0-6.2.0006
  • A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005
  • 3.10-3.52
  • 2.1, 2.2, 2.3, 3.3

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1284
Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a abb ac800m 6.0.0-6.0.0303 / / / / / / /
a abb ac800m 6.1.0-6.1.0031 / / / / / / /
a abb ac800m 6.1.1-6.1.1004 / / / / / / /
a abb ac800m 6.1.1-6.1.1202 / / / / / / /
a abb ac800m 6.2.0-6.2.0006 / / / / / / /
a abb symphony_plus_sd_series A_0 / / / / / / /
a abb symphony_plus_sd_series A_1 / / / / / / /
a abb symphony_plus_sd_series A_2.003 / / / / / / /
a abb symphony_plus_sd_series A_3.005 / / / / / / /
a abb symphony_plus_sd_series A_4.001 / / / / / / /
a abb symphony_plus_sd_series B_0.005 / / / / / / /
a abb symphony_plus_mr 3.10-3.52 / / / / / / /
a abb splus_operations 2.1 / / / / / / /
a abb splus_operations 2.2 / / / / / / /
a abb splus_operations 2.3 / / / / / / /
a abb splus_operations 3.3 / / / / / / /

References

https://search.abb.com/library/Download.aspx?DocumentID=7PAA020125&LanguageCode=en&DocumentPartId=&Action=Launch

Tags

[email protected]
CWE-1284
2026-04-13
CVE-2025-3756

CVSS Score

7.1 / 10

CVSS Data - 4.0

  • Attack Vector: ADJACENT
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: April 13, 2026, 6:16 p.m.
Last Modified: April 13, 2026, 6:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.