ICSA-25-079-01  ·  Published 2026-06-02  ·  View on CISA ICS-CERT ↗

Schneider Electric EcoStruxure (Update A)

CVSS 7.8 HIGH

Risk Summary

Schneider Electric is aware of a vulnerability in its EcoStruxure Process Expert and EcoStruxure Process Expert for AVEVA System Platform products. These products are engineering tools that facilitate and automate the design, maintenance, commissioning, and operation of Control projects for Modicon controllers and the associated Supervision projects for SCADA software grouped in a system. Failure to apply the Fix/Mitigations provided below may risk a local privilege escalation, which could result in loss of confidentiality, integrity and availability of the engineering workstation.

CVEs (1)

Remediations

  • Version v4.8.0.5715 of EcoStruxure Process Expert 2023 Software Package includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/65406-ecostruxure-processexpert/#software-and-firmware. Uninstall the previous Version 2023 (v4.8.0.5115) before installing Version 2023 (v4.8.0.5715). The version string can be found on the engineering server console.
  • Version 2025 of EcoStruxure Process Expert for AVEVA System Platform 2025 Software Package includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/55570689-ecostruxure-process-expert-for-aveva-system-platform/#software-and-firmware
  • If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
      • Allow execute permission for the service control Windows utility only to the admin user.
      • Use McAfee Application and Change Control software for application control to allow execution of whitelisted applications only.
    Refer to the Cybersecurity Application Note available at https://www.se.com/ww/en/download/document/EIO0000004778/
  • If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
      • Allow only the admin user to configure Windows services by restricting execute permission of the sc.exe Windows utility.
      • Use McAfee Application and Change Control software for application control to allow execution of whitelisted applications only.
    Refer to the Cybersecurity Application Note available at https://www.se.com/ww/en/download/document/EIO0000004778/
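
To verify the sc.exe mitigation on an engineering workstation, the following read-only PowerShell audit lists every principal that still holds execute rights on sc.exe. It is an added example, not part of the Schneider Electric or CISA advisory. It assumes that "admin user" means the built-in Administrators group, and that SYSTEM and TrustedInstaller keep their access; the function name Get-ScExeExecuteFinding is hypothetical.

```powershell
# Added audit example (not vendor code). Reads ACLs only; changes nothing.
# Assumption: principals expected to keep execute rights on sc.exe.
$allowedSids = @(
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)
# ExecuteFile (0x20) plus the generic rights that imply it:
# GENERIC_EXECUTE (0x20000000) and GENERIC_ALL (0x10000000).
$executeMask = 0x20 -bor 0x20000000 -bor 0x10000000

function Get-ScExeExecuteFinding {
    param([string[]]$Path = @(
        (Join-Path $env:SystemRoot 'System32\sc.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\sc.exe')  # 32-bit copy on 64-bit Windows
    ))
    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file)) { continue }
        $acl = Get-Acl -LiteralPath $file
        # Request SIDs instead of names so the check works on any OS language.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if (([int]$rule.FileSystemRights -band $executeMask) -eq 0) { continue }
            $sid = $rule.IdentityReference.Value
            if ($allowedSids -contains $sid) { continue }
            # Resolve a display name where possible; orphaned SIDs stay as SIDs.
            try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '(unresolved)' }
            [pscustomobject]@{
                Path      = $file
                Account   = $name
                Sid       = $sid
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Each row is a non-admin principal that can still run sc.exe.
Get-ScExeExecuteFinding | Format-Table -AutoSize
```

An empty result means only the three listed principals hold execute rights on the file.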

Affected Vendors

Schneider Electric

Affected Products (8)

Schneider Electric · EcoStruxure Process Expert 2020_R2
Schneider Electric · EcoStruxure Process Expert 2021
Schneider Electric · EcoStruxure Process Expert 2023 vers:intdot/<4.8.0.5715
Schneider Electric · EcoStruxure Process Expert for AVEVA System Platform 2020_R2
Schneider Electric · EcoStruxure Process Expert for AVEVA System Platform 2021
Schneider Electric · EcoStruxure Process Expert for AVEVA System Platform 2023
Schneider Electric · EcoStruxure Process Expert for AVEVA System Platform 2025
Schneider Electric · EcoStruxure Process Expert 2023 4.8.0.5715

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy, Water and Wastewater
