ICSA-25-014-02  ·  Published 2025-07-08  ·  View on CISA ICS-CERT ↗

Schneider Electric Vijeo Designer and EcoStruxure™ Machine Expert (Update A)

CVSS 7.8 HIGH

CVEs (1)

Remediations

  • If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
      • Limit authenticated user access to the workstation running Vijeo Designer and implement existing User Account Control practices.
      • Remove the write permissions for “Everyone” on the folder “C:\Program Files (x86)\Schneider Electric\VijeoDesigner 6.3\Vijeo-Runtime”.
      • Follow workstation, network and site-hardening guidelines in the Recommended Cybersecurity Best Practices guide available for download here.
  • Vijeo Designer version 6.3.2.16 delivered with EcoStruxure™ Machine Expert v2.3 includes a fix for this vulnerability. EcoStruxure™ Machine Expert v2.3 is available via the Schneider Electric Software Installer: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER. On the engineering workstation, install v2.3 of EcoStruxure™ Machine Expert.
  • Version V6.3 SP1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application. See https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware. On the engineering workstation, update to v6.3 SP1 of Vijeo Designer.
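
One way to check and apply the folder-permission mitigation listed above, as an added PowerShell example that is not part of the advisory or of Schneider Electric's tooling. The default path is the one the advisory names; the `-Fix` switch and the choice to leave Everyone with read/execute rights only are assumptions of this example.

```powershell
# Added example: audit (and with -Fix, remove) write access for "Everyone" on Vijeo-Runtime.
# Run from an elevated PowerShell 5.1+ session on the engineering workstation.
using namespace System.Security.AccessControl
param(
    # Folder named in the advisory; change it if Vijeo Designer is installed elsewhere.
    [string]$Path = 'C:\Program Files (x86)\Schneider Electric\VijeoDesigner 6.3\Vijeo-Runtime',
    [switch]$Fix   # assumption of this example: without -Fix the script only reports
)

# Rights that allow creating, altering or deleting content, or changing the ACL itself.
$writeBits   = [int][FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE and GENERIC_ALL, which some ACEs carry instead of specific rights.
$genericBits = 0x40000000 -bor 0x10000000

$acl = Get-Acl -LiteralPath $Path
# Ask for SIDs so the match on Everyone (S-1-1-0) works on localized Windows builds.
$risky = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.IdentityReference.Value -eq 'S-1-1-0' -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band ($writeBits -bor $genericBits))
    }

if (-not $risky) { "OK: Everyone has no write access on $Path"; return }

foreach ($rule in $risky) {
    "FOUND: Everyone is allowed [$($rule.FileSystemRights)] (inherited: $($rule.IsInherited))"
    if (-not $Fix) { continue }
    if ($rule.IsInherited) {
        # An inherited ACE cannot be edited here; it must be corrected where it is defined.
        Write-Warning 'Inherited entry: correct it on the parent folder it comes from.'
        continue
    }
    $acl.RemoveAccessRuleSpecific($rule)
    # Re-add only the read/execute part of the entry, if it had any.
    $keep = [FileSystemRights]([int]$rule.FileSystemRights -band [int][FileSystemRights]::ReadAndExecute)
    if ([int]$keep -ne 0) {
        $acl.AddAccessRule([FileSystemAccessRule]::new(
            $rule.IdentityReference, $keep, $rule.InheritanceFlags, $rule.PropagationFlags, 'Allow'))
    }
}
if ($Fix) { Set-Acl -LiteralPath $Path -AclObject $acl }
```

Run it once without `-Fix` to record the current state, then again after `-Fix` to confirm it reports OK.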

Affected Vendors

Schneider Electric

Affected Products (5)

Schneider Electric · Vijeo Designer <6.3_SP1
Schneider Electric · Vijeo Designer 6.3_SP1
Schneider Electric · Vijeo Designer 6.3.2.16
Schneider Electric · EcoStruxure™ Machine Expert <2.3
Schneider Electric · EcoStruxure™ Machine Expert 2.3

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy
