← Back to home
ICSA-16-061-01  ·  Published 2025-06-05  ·  View on CISA ICS-CERT ↗

Schneider Electric Building Operation Automation Server Vulnerability

CVSS 7.2 HIGH

CVEs (1)

Remediations

  • Schneider Electric has released a new version of Automation Server firmware which remediates this vulnerability. The user is no longer allowed to operate the system with default credentials and the minimal “msh” shell can no longer be circumvented. Users should contact their authorized Schneider Electric service channel to access the firmware update.
  • For more information, please see Schneider Electric’s Security Notification number SEVD-2016-025-01 at the following location on their web site: (http://www.schneider-electric.com/ww/en/download/document/SEVD-2016-025-01)

Affected Vendors

Schneider Electric

Affected Products (1)

Schneider Electric · Automation Server <=V1.7.0

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more