ICSA-25-254-08  ·  Published 2025-09-09

Schneider Electric EcoStruxure

CVSS 4.5 MEDIUM

Remediations

  • The following versions of Enterprise Server, Enterprise Central, Workstation include a fix for these vulnerabilities:
    • 7.0.2.348
    Step 1: Locate the appropriate version for your system on the [EcoExpert Software Center](https://ecoxpert.se.com/software-center/building-automation/ebo-system/building-operation-2025-version-7.0).
    Step 2: Follow the installation instructions provided in the accompanying readme file.
    Additionally, ensure you are following the [EBO hardening guidelines](https://ecostruxure-building-help.se.com/bms/Topics/show.castle?id=14923&productversion=7).
  • The following versions of Enterprise Server, Enterprise Central, Workstation include a fix for these vulnerabilities:
    • 6.0.4.10001 (CP8)
    Step 1: Locate the appropriate version for your system on the [EcoExpert Software Center](https://ecoxpert.se.com/de/software-center/building-automation/ebo-system/building-operation-2024-version-6.0).
    Step 2: Follow the installation instructions provided in the accompanying readme file.
    Additionally, ensure you are following the [EBO hardening guidelines](https://ecostruxure-building-help.se.com/bms/Topics/show.castle?id=14923&productversion=7).
  • The following versions of Enterprise Server, Enterprise Central, Workstation include a fix for these vulnerabilities:
    • 5.0.3.17009 (CP16)
    Step 1: Locate the appropriate version for your system on the [EcoExpert Software Center](https://ecoxpert.se.com/de/software-center/building-automation/ebo-system/building-operation-2023-version-5.0).
    Step 2: Follow the installation instructions provided in the accompanying readme file.
    Additionally, ensure you are following the [EBO hardening guidelines](https://ecostruxure-building-help.se.com/bms/Topics/show.castle?id=14923&productversion=7).
  • If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
    • Implement strong access controls to limit system access to authorized personnel. Use multi-factor authentication if using EBO version 7.0 or later.
    • Use firewalls to segregate networks and protect the building management system.
    • Regularly monitor system activity.
    • Ensure you are following [EBO hardening guidelines](https://ecostruxure-building-help.se.com/bms/Topics/show.castle?id=14923&productversion=7).

Affected Vendors

Schneider Electric

Affected Products (18)

Schneider Electric · EcoStruxure™ Building Operation Enterprise Server >=7.x|<7.0.2.348
Schneider Electric · EcoStruxure™ Building Operation Enterprise Server 7.0.2.348
Schneider Electric · EcoStruxure™ Building Operation Enterprise Server >=6.x|<6.0.4.10001CP8
Schneider Electric · EcoStruxure™ Building Operation Enterprise Server 6.0.4.10001_CP8
Schneider Electric · EcoStruxure™ Building Operation Enterprise Server >=5.x|<5.0.3.17009CP16
Schneider Electric · EcoStruxure™ Building Operation Enterprise Server 5.0.3.17009_CP16
Schneider Electric · EcoStruxure™ Building Operation Enterprise Central >=7.x|<7.0.2.348
Schneider Electric · EcoStruxure™ Building Operation Enterprise Central 7.0.2.348
Schneider Electric · EcoStruxure™ Building Operation Enterprise Central >=6.x|<6.0.4.10001CP8
Schneider Electric · EcoStruxure™ Building Operation Enterprise Central 6.0.4.10001_CP8
Schneider Electric · EcoStruxure™ Building Operation Enterprise Central >=5.x|<5.0.3.17009CP16
Schneider Electric · EcoStruxure™ Building Operation Enterprise Central 5.0.3.17009_CP16
Schneider Electric · EcoStruxure™ Building Operation Workstation >=7.x|<7.0.2.348
Schneider Electric · EcoStruxure™ Building Operation Workstation 7.0.2.348
Schneider Electric · EcoStruxure™ Building Operation Workstation >=6.x|<6.0.4.10001CP8
Schneider Electric · EcoStruxure™ Building Operation Workstation 6.0.4.10001_CP8
Schneider Electric · EcoStruxure™ Building Operation Workstation >=5.x|<5.0.3.17009CP16
Schneider Electric · EcoStruxure™ Building Operation Workstation 5.0.3.17009_CP16

Affected Sectors

Critical Manufacturing, Energy
