ICSA-25-070-01
·
Published 2026-02-24
·
View on CISA ICS-CERT ↗
Schneider Electric Uni-Telway Driver (Update C)
CVSS 5.5
MEDIUM
CVEs (1)
Remediations
- For customers requiring the use of Uni-Telway driver, Schneider Electric recommends using following mitigations to reduce the risk of exploit: • McAfee Application and Change Control software for application control. Refer to the Cybersecurity Application Note available https://www.se.com/ww/en/download/document/EIO0000004778/. • Follow workstation, network and site-hardening guidelines in the Schneider Electric [Recommended Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) document. For customers not requiring the use of Uni-Telway driver, Schneider Electric recommends uninstalling the driver. Version 16.2 of EcoStruxure™ Control Expert, version 2025 of EcoStruxure™ Process Expert and version 3.63SP3 of OPC Factory Server do not include Uni-Telway driver by default anymore. This vulnerability is only affecting customers who have installed Uni-Telway driver.
Affected Vendors
Schneider Electric
Affected Products (8)
Schneider Electric
·
Uni-Telway driver
vers:all/*
Schneider Electric
·
EcoStruxure™ Control Expert
vers:all/*
Schneider Electric
·
EcoStruxure™ Control Expert
16.2
Schneider Electric
·
EcoStruxure™ Process Expert
vers:all/*
Schneider Electric
·
EcoStruxure™ Process Expert
2025
Schneider Electric
·
EcoStruxure™ Process Expert for AVEVA System Platform
vers:all/*
Schneider Electric
·
OPC Factory Server
vers:all/*
Schneider Electric
·
OPC Factory Server
3.63SP3
Affected Sectors
Commercial Facilities, Critical Manufacturing, Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more