← Back to home
ICSA-15-167-01  ·  Published 2025-06-06  ·  View on CISA ICS-CERT ↗

Schneider Electric StruxureWare Building Expert Plaintext Credentials Vulnerability

CVSS 5.0 MEDIUM

CVEs (1)

Remediations

  • Schneider Electric encourages all customers to upgrade their MPMs to the new Release 2.15 or higher to mitigate the risks associated with this vulnerability
  • It is important to plan and execute the upgrade procedures to avoid unnecessary downtime and re-engineering
  • If unsure about the risks associated with upgrading MPMs to the new firmware, please contact your account manager or technical support
  • Please see the MPM installation guide for more details about how to obtain and install firmware Version 2.15
  • It can be found at the following location (login required): (https://buildingsdownloads.schneider-electric.com/documents/10807/250220/MPM+Series+-+Installation+Sheet/6b83cb2c-6d93-4e41-9902-2d8e13936727)

Affected Vendors

Schneider Electric

Affected Products (1)

Schneider Electric · StruxureWare Building Expert MPM <2.15.

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more