ICSA-25-077-04
·
Published 2025-03-11
·
View on CISA ICS-CERT ↗
Schneider Electric EcoStruxure Panel Server
CVSS 6.0
MEDIUM
CVEs (1)
Remediations
- Version V2.1 or later of EcoStruxure Panel Server includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/40739468-ecostruxure-panel-server/?parent-subcategory-id=4160#software-and-firmware Customers should download EcoStruxure Power Commission Software version 2.33.0 or later, and version V2.1 or later of EcoStruxure Panel Server firmware to complete the upgrade process.
- If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: * Ensuring that debug mode is off will prevent the credentials from being improperly exposed.
Affected Vendors
Schneider Electric
Affected Products (3)
Schneider Electric
·
EcoStruxure Panel Server
<=2.0
Schneider Electric
·
EcoStruxure Panel Server
>=2.1
Schneider Electric
·
EcoStruxure Power Commission
>=2.33.0
Affected Sectors
Commercial Facilities, Critical Manufacturing, Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more