ICSA-25-077-03  ·  Published 2025-03-11

Schneider Electric EcoStruxure Power Automation System

CVSS 9.8 CRITICAL

CVEs (1)

Remediations

  • Hotfix WebHMI_Fix_users_for_Standard.V1 of WebHMI includes a fix for this vulnerability and can be obtained from the Schneider Electric Customer Care Center.
  • In addition to the remediation above, users should immediately apply the following mitigations to reduce the risk of exploitation: once the hotfix WebHMI_Fix_users_for_Standard.V1 has been applied, we recommend ensuring that all hardening guidelines provided with the product are implemented, to maintain best practices for defense in depth. Specifically, the WebHMI should not be exposed to the internet. Contact the Customer Care Center (https://www.se.com/us/en/work/support/contacts.jsp) if assistance is required.

Affected Vendors

Schneider Electric

Affected Products (3)

Schneider Electric · WebHMI <=4.1.0.0
Schneider Electric · EPAS User Interface <=2.6.30.19
Schneider Electric · WebHMI_Fix_users_for_Standard 1.0

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy
