Enerlin'X IFE and eIFE

Monitor6.5SEVD-2025-042-04Feb 11, 2025

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric Enerlin'X IFE and eIFE products contain an input validation vulnerability (CWE-20) that can cause a Denial of Service condition. The devices enable Masterpact, PowerPact, and Compact circuit breakers to connect to Ethernet networks for IEC61850 services. Exploitation causes the interfaces to become unavailable and requires manual device reboot to restore service.

What this means

What could happen

An attacker could cause the Enerlin'X interface to become unavailable, disrupting IEC61850 network communication for circuit breaker monitoring and control until the device is manually rebooted.

Who's at risk

Energy utilities operating Masterpact, PowerPact, or Compact circuit breakers connected to Ethernet networks via Enerlin'X IFE or eIFE gateway interfaces for monitoring and remote control.

How it could be exploited

An attacker with network access to the Enerlin'X IFE or eIFE device could send specially crafted input that triggers a failure in input validation, causing the device to stop responding to IEC61850 commands and requests. This requires reboot to restore functionality.

Prerequisites

Network access to the Enerlin'X IFE or eIFE device on the Ethernet interface
No authentication required

remotely exploitableno authentication requiredlow complexityaffects circuit breaker network availability

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

Enerlin'X IFE interface (LV434001) All VersionsAll versions004.010.000

Enerlin'X eIFE (LV851001) All VersionsAll versions004.010.000

Enerlin'X IFE interface≤ 004.009.000004.010.000

Enerlin'X eIFE v004.009.000 and prior≤ 004.009.000004.010.000

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Enerlin'X IFE and eIFE firmware to version 004.010.000 or later using the EcoStruxure Power Commission tool

CVEs (3)

CVE-2025-0816 CVE-2025-0815 CVE-2025-0814

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f5b62ff2-8326-49b8-9b7e-0139a0ed951b