CVE-2025-3112 in Modicon Controllers M241
Summary
by MITRE • 06/10/2025
CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends a manipulated HTTPS Content-Length header to the webserver.
Analysis
by VulDB Data Team • 06/10/2025
This vulnerability represents a critical uncontrolled resource consumption issue classified as CWE-400 within the Common Weakness Enumeration framework. The flaw manifests when an authenticated malicious user exploits the webserver's handling of HTTPS Content-Length headers, creating a potential denial of service condition that can severely impact system availability and operational continuity. The vulnerability specifically targets the resource management mechanisms within web server implementations, where improper validation of content length parameters allows for excessive resource allocation.
The technical exploitation occurs through carefully crafted Content-Length header manipulation that bypasses normal input validation checks. When an authenticated user submits malformed or excessively large content length values, the webserver allocates resources proportional to these values without adequate bounds checking. This resource consumption can escalate to consume all available memory, CPU cycles, or other system resources, effectively rendering the service unavailable to legitimate users. The vulnerability is particularly dangerous because it requires only authenticated access, meaning that insiders or compromised accounts can trigger the denial of service condition.
From an operational perspective, this vulnerability poses significant risks to web server availability and business continuity. The impact extends beyond simple service disruption to potentially affect customer satisfaction, revenue generation, and organizational reputation. Attackers can leverage this vulnerability to perform sustained denial of service attacks that may require system restarts or manual intervention to resolve. The authenticated requirement reduces the attack surface compared to unauthenticated vulnerabilities but still represents a serious threat vector since legitimate users with compromised credentials can exploit this weakness.
Organizations should implement multiple layers of mitigation strategies to address this vulnerability effectively. Input validation controls must be strengthened to enforce strict bounds checking on Content-Length headers with predefined maximum limits. Rate limiting mechanisms should be deployed to monitor and restrict the frequency of requests containing suspicious content length values. Additionally, implementing proper resource monitoring and alerting systems can help detect unusual resource consumption patterns that may indicate exploitation attempts. The vulnerability aligns with ATT&CK technique T1499.004 for network denial of service and represents a classic example of resource exhaustion attacks that require careful attention to input sanitization and resource management practices. System administrators should also consider implementing web application firewalls and intrusion detection systems to identify and block malicious content length header manipulation attempts before they can cause significant damage to the web server infrastructure.
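The strict bounds check on Content-Length recommended above, sketched in C as an added example (not code from the vendor, MITRE or VulDB). The 64 KiB limit MAX_BODY_BYTES and all function names are assumptions for illustration; the idea is that the declared length is validated before any buffer is sized from it.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed policy limit for this sketch; size it to the device's memory. */
#define MAX_BODY_BYTES ((size_t)65536)

typedef enum { CL_OK, CL_MALFORMED, CL_TOO_LARGE, CL_CONFLICT } cl_status;

/* Parse one Content-Length value: decimal digits with optional surrounding
 * blanks. Signs, hex and empty values are malformed; the bound is enforced
 * before each multiply so a long digit string cannot wrap around. */
cl_status parse_content_length(const char *v, size_t max, size_t *out)
{
    size_t n = 0;
    int digits = 0;
    if (v == NULL) return CL_MALFORMED;
    while (*v == ' ' || *v == '\t') v++;
    for (; *v >= '0' && *v <= '9'; v++, digits++) {
        size_t d = (size_t)(*v - '0');
        if (d > max || n > (max - d) / 10) return CL_TOO_LARGE;
        n = n * 10 + d;
    }
    while (*v == ' ' || *v == '\t') v++;
    if (digits == 0 || *v != '\0') return CL_MALFORMED;
    *out = n;
    return CL_OK;
}

/* Check every Content-Length header of a request before any buffer is
 * allocated. Repeated headers must carry the same value. */
cl_status check_request_lengths(const char *const *values, size_t count,
                                size_t max, size_t *body_len)
{
    size_t first = 0, n = 0;
    for (size_t i = 0; i < count; i++) {
        cl_status s = parse_content_length(values[i], max, &n);
        if (s != CL_OK) return s;
        if (i > 0 && n != first) return CL_CONFLICT;
        first = n;
    }
    *body_len = first;   /* count == 0: no body expected */
    return CL_OK;
}

int main(void)
{
    const char *hdrs[] = { "512", " 512 " };   /* constructed sample headers */
    size_t len = 0;
    printf("status %d\n", (int)check_request_lengths(hdrs, 2, MAX_BODY_BYTES, &len));
    return 0;
}
```

Any status other than CL_OK should end the request with an error response before the body is read, and the body itself should still be read in fixed-size chunks up to the validated length.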