ICSA-25-153-01
·
Published 2025-06-03
·
View on CISA ICS-CERT ↗
Schneider Electric Wiser Home Automation
CVSS 9.8
CRITICAL
Risk Summary
Successful exploitation of this vulnerability could allow an attacker to inject code or bypass authentication.
CVEs (1)
Remediations
- The Wiser AvatarOn 6K Freelocate and Wiser Cuadro H 5P Socket products have reached their end of life and are no longer supported. Users should immediately either disable the firmware update in the Zigbee Trust Center or remove the products from service to reduce the risk of exploitation.
- To stay informed about all updates, including details on affected products and remediation plans, subscribe to Schneider Electric's security notification service here: https://www.se.com/en/work/support/cybersecurity/securitynotifications.jsp
Affected Vendors
Schneider Electric
Affected Products (2)
Schneider Electric
·
Wiser AvatarOn 6K Freelocate
vers:all/*
Schneider Electric
·
Wiser Cuadro H 5P Socket
vers:all/*
Affected Sectors
Commercial Facilities, Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more