ICSA-25-224-03 · Published 2025-11-11 · View on CISA ICS-CERT
Schneider Electric EcoStruxure Power Monitoring Expert
CVSS 8.8 (HIGH)
Remediations
- Hotfix_279338_Release_2024R2 is available for EcoStruxure Power Monitoring Expert (PME) 2024 R2 that includes a fix for the vulnerabilities CVE-2025-54924, CVE-2025-54925, CVE-2025-54926, CVE-2025-54927 and CVE-2025-54923. Contact Schneider Electric’s Customer Care Center for assistance applying this hotfix. In addition to applying the hotfixes noted above, you are encouraged to review the mitigations listed below.
- Customers should upgrade to the latest product offering EcoStruxure Power Monitoring Expert (PME) 2024 R2 and apply Hotfix_279338_Release_2024R2 that includes a fix for the vulnerabilities CVE-2025-54924, CVE-2025-54925, CVE-2025-54926, CVE-2025-54927 and CVE-2025-54923. Contact Schneider Electric’s Customer Care Center for assistance with obtaining EcoStruxure Power Monitoring Expert (PME) 2024 R2 and help applying this hotfix. In addition to applying the hotfix noted above, you are encouraged to review the mitigations listed below.
- If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
  - Ensure your deployment of PME has followed the cybersecurity hardening guidelines provided with the product: https://product-help.schneider-electric.com/EcoStruxure/Power-Monitoring-Expert-2024/content/2_planning/cybersecurity/cyber-planningrecactions.htm
  - Ensure PME is running in an isolated network.
  - Deploy and configure the Windows firewall to limit access to appropriate network segments.
  - Enforce complex password policies.
  - Review server access permissions: conduct an audit of all Windows-authenticated users who currently have access to PME, and repeat this audit periodically.
  - Identify all accounts with access rights, especially those with elevated privileges or remote access.
  - Limit access to essential users. Revoke access for any user accounts that are not critical for system functionality or day-to-day operations.
  - Apply the principle of least privilege to ensure users have only the access needed for their role.
- Hotfix_279338_Release_2024R2 is available for EcoStruxure Power Monitoring Expert (PME) 2024 R2 and includes a fix for the vulnerabilities CVE-2025-54924, CVE-2025-54925, CVE-2025-54926, CVE-2025-54927 and CVE-2025-54923. Contact Schneider Electric’s Customer Care Center to determine whether you are running EcoStruxure Power Monitoring Expert (PME) 2024 or EcoStruxure Power Monitoring Expert (PME) 2024 R2 as part of your solution. Customers running either of these versions of PME can work with Schneider Electric’s Customer Care Center for assistance to upgrade PME and/or apply the hotfix. Note: Customers who are running EcoStruxure Power Monitoring Expert (PME) 2024 should upgrade to EcoStruxure Power Monitoring Expert (PME) 2024 R2 and then apply the hotfix.
- Customers should upgrade to EcoStruxure Power Monitoring Expert (PME) 2023 R2 and apply Hotfix_199767_release and Hotfix_273686_release.12.0, which include a fix for the vulnerabilities CVE-2025-54924, CVE-2025-54925, and CVE-2025-54927. Contact Schneider Electric’s Customer Care Center for assistance applying these hotfixes. In addition to applying the hotfixes noted above, you are encouraged to review the mitigations listed below.
- Hotfix_199767_release and Hotfix_273686_release.12.0 are available for EcoStruxure Power Monitoring Expert (PME) and include a fix for the vulnerabilities CVE-2025-54924, CVE-2025-54925, and CVE-2025-54927. Contact Schneider Electric’s Customer Care Center for assistance applying these hotfixes. In addition to applying the hotfixes noted above, you are encouraged to review the mitigations listed below.
- Hotfix_199767 and Hotfix_273686_release.12.0 are available for EcoStruxure Power Monitoring Expert (PME) 2023R2 and include a fix for the vulnerabilities CVE-2025-54924, CVE-2025-54925, and CVE-2025-54927. Contact Schneider Electric’s Customer Care Center to determine whether you are running EcoStruxure Power Monitoring Expert (PME) 2023R2 as part of your solution; customers running this version of PME can work with Schneider Electric’s Customer Care Center for assistance applying this hotfix. Alternatively, contact Schneider Electric’s Customer Care Center to determine whether you are running EcoStruxure Power Monitoring Expert (PME) 2023 as part of your solution; customers running this version of PME can work with Schneider Electric’s Customer Care Center for assistance upgrading to EcoStruxure Power Monitoring Expert (PME) 2023 R2 and then applying the hotfix.
- EcoStruxure Power Monitoring Expert (PME) 2022 has reached its end of life and is no longer supported. Customers should immediately apply the following mitigations to reduce the risk of exploit for CVE-2025-54924, CVE-2025-54925, and CVE-2025-54927:
  - Ensure your deployment of PME has followed the cybersecurity hardening guidelines provided with the product: https://product-help.schneider-electric.com/EcoStruxure/Power-Monitoring-Expert-2024/content/2_planning/cybersecurity/cyber-planningrecactions.htm
  - Ensure PME is running in an isolated network.
  - Deploy and configure the Windows firewall to limit access to appropriate network segments.
  - Enforce complex password policies.
  - Review server access permissions.
  - Conduct an audit of all Windows-authenticated users who currently have access to PME. Repeat this audit of your system periodically.
  - Identify all accounts with access rights, especially those with elevated privileges or remote access.
  - Limit access to essential users only.
  - Revoke access for any user accounts that are not critical for system functionality or daily operations.
  - Apply the principle of least privilege to ensure users have only the access necessary for their role(s).
  Customers should also consider upgrading to the latest product offering, EcoStruxure Power Monitoring Expert (PME) 2024 R2, to resolve this issue.
Affected Vendors
Schneider Electric
Affected Products (10)
- Schneider Electric · EcoStruxure Power Monitoring Expert (PME) · 2022
- Schneider Electric · EcoStruxure Power Monitoring Expert (PME) · 2023
- Schneider Electric · EcoStruxure Power Monitoring Expert (PME) · 2023_R2
- Schneider Electric · EcoStruxure Power Monitoring Expert (PME) · 2023_R2_Hotfix_199767
- Schneider Electric · EcoStruxure Power Monitoring Expert (PME) · 2023_R2_Hotfix_273686_.12.0
- Schneider Electric · EcoStruxure Power Monitoring Expert (PME) · 2024
- Schneider Electric · EcoStruxure Power Monitoring Expert (PME) · 2024_R2
- Schneider Electric · EcoStruxure Power Monitoring Expert (PME) · Hotfix_279338_Release_2024R2
- Schneider Electric · EcoStruxure Power Operation (EPO) · 2022
- Schneider Electric · EcoStruxure Power Operation (EPO) · 2024
Affected Sectors
Commercial Facilities, Critical Manufacturing, Energy