← Back to home
ICSA-25-035-04  ·  Published 2025-04-08  ·  View on CISA ICS-CERT ↗

Schneider Electric EcoStruxure Power Monitoring Expert (PME) (Update A)

CVSS 7.5 HIGH

CVEs (1)

Remediations

  • SV4.30 of Modicon M580 firmware includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware
  • SV4.21 of Modicon M580 firmware includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware
  • SV4.02.01 of BMENOR2200H firmware includes a fix for this vulnerability and is available here: https://www.se.com/ww/en/product/BMENOR2200H/communication-module-modicon-m580-iec-608705101-104-dnp3-for-severe-environments/
  • V1.3.10 of EVLink Pro AC firmware includes a fix for this vulnerability and is available here: https://www.se.com/ww/en/product-range/23107242-evlink-pro-ac/#software-and-firmware
  • • Setup network segmentation and implement a firewall to block all unauthorized access to port 443/TCP • Configure the Access Control List following the recommendations of the user manuals: “Modicon M580, Hardware, Reference Manual”: https://www.se.com/ww/en/download/document/EIO0000001578/
  • If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit.• Setup network segmentation and implement a firewall to block all unauthorized access to port 443/TCP
  • • Follow EVlink Pro AC cybersecurity guide https://www.se.com/ww/en/download/document/GEX5261101/

Affected Vendors

Schneider Electric

Affected Products (8)

Schneider Electric · Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) vers:all/<SV4.30
Schneider Electric · Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) SV4.30
Schneider Electric · Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) vers:all/<SV4.21
Schneider Electric · Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) SV4.21
Schneider Electric · BMENOR2200H <SV4.02.01
Schneider Electric · BMENOR2200H SV4.02.01
Schneider Electric · EVLink Pro AC vers:all/<1.3.10
Schneider Electric · EVLink Pro AC 1.3.10

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more