
    2 vulnerabilities found for Pro 4PM by Shelly

    CVE-2025-11243 (GCVE-0-2025-11243)

    Vulnerability from nvd – Published: 2025-11-19 06:50 – Updated: 2025-11-21 17:13
    Title
    Allocation of Resources Without Limits or Throttling in Shelly Pro 4PM
    Summary
    Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    URL Tags
    https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11243 third-party-advisory
    https://www.nozominetworks.com/blog/shelly-pro-4pm-vulnerabilities media-coverage, technical-description
    https://www.cisa.gov/news-events/ics-advisories/icsa-25-322-02 government-resource, technical-description
    Impacted products
    Vendor Product Version
    Shelly Pro 4PM Affected: 0 ≤ version < 1.6 (semver)
    Credits
    Gabriele Quagliarella at Nozomi Networks

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11243",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-19T18:38:12.634658Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-19T18:38:22.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pro 4PM",
              "vendor": "Shelly",
              "versions": [
                {
                  "lessThan": "1.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:shelly:pro_4pm:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.6",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Gabriele Quagliarella at Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network.\u003cbr\u003e"
                }
              ],
              "value": "Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-21T17:13:21.290Z",
            "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
            "shortName": "Nozomi"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11243"
            },
            {
              "tags": [
                "media-coverage",
                "technical-description"
              ],
              "url": "https://www.nozominetworks.com/blog/shelly-pro-4pm-vulnerabilities"
            },
            {
              "tags": [
                "government-resource",
                "technical-description"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-322-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To fix this issue, it\u0027s suggested to update the Pro 4PM to v1.6\u003cbr\u003e"
                }
              ],
              "value": "To fix this issue, it\u0027s suggested to update the Pro 4PM to v1.6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Allocation of Resources Without Limits or Throttling in Shelly Pro 4PM",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "assignerShortName": "Nozomi",
        "cveId": "CVE-2025-11243",
        "datePublished": "2025-11-19T06:50:08.973Z",
        "dateReserved": "2025-10-02T14:06:12.008Z",
        "dateUpdated": "2025-11-21T17:13:21.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11243 (GCVE-0-2025-11243)

    Vulnerability from cvelistv5 – Published: 2025-11-19 06:50 – Updated: 2025-11-21 17:13
    Title
    Allocation of Resources Without Limits or Throttling in Shelly Pro 4PM
    Summary
    Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    URL Tags
    https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11243 third-party-advisory
    https://www.nozominetworks.com/blog/shelly-pro-4pm-vulnerabilities media-coverage, technical-description
    https://www.cisa.gov/news-events/ics-advisories/icsa-25-322-02 government-resource, technical-description
    Impacted products
    Vendor Product Version
    Shelly Pro 4PM Affected: 0 ≤ version < 1.6 (semver)
    Credits
    Gabriele Quagliarella at Nozomi Networks

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11243",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-19T18:38:12.634658Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-19T18:38:22.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pro 4PM",
              "vendor": "Shelly",
              "versions": [
                {
                  "lessThan": "1.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:shelly:pro_4pm:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.6",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Gabriele Quagliarella at Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network.\u003cbr\u003e"
                }
              ],
              "value": "Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-21T17:13:21.290Z",
            "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
            "shortName": "Nozomi"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11243"
            },
            {
              "tags": [
                "media-coverage",
                "technical-description"
              ],
              "url": "https://www.nozominetworks.com/blog/shelly-pro-4pm-vulnerabilities"
            },
            {
              "tags": [
                "government-resource",
                "technical-description"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-322-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To fix this issue, it\u0027s suggested to update the Pro 4PM to v1.6\u003cbr\u003e"
                }
              ],
              "value": "To fix this issue, it\u0027s suggested to update the Pro 4PM to v1.6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Allocation of Resources Without Limits or Throttling in Shelly Pro 4PM",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "assignerShortName": "Nozomi",
        "cveId": "CVE-2025-11243",
        "datePublished": "2025-11-19T06:50:08.973Z",
        "dateReserved": "2025-10-02T14:06:12.008Z",
        "dateUpdated": "2025-11-21T17:13:21.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }