Schneider Electric EcoStruxure Process Expert (Update A)

Risk Summary

Schneider Electric is aware of a vulnerability in its EcoStruxureTM Process and EcoStruxure™ Process Expert for AVEVA System Platform products. The EcoStruxureTM Process is a single automation system to engineer, operate, and maintain your entire infrastructure for a sustainable, productive and market-agile plant. The EcoStruxure™ Process Expert for AVEVA System Platform product enables users to achieve operational profitability from design engineering to meeting the demands of modern-day production. It provides an asset centric and object-oriented automation platform to deploy system-wide standards in a digital ecosystem. Failure to apply the Fix/Mitigations provided below may risk modification of the executable binaries, which could result in privilege escalation.

CVEs (1)

Remediations

• Version 2025 of EcoStruxure™ Process Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/65406-ecostruxure-process-expert
• Version 2025 of EcoStruxure™ Process Expert for AVEVA System Platform includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/55570689-ecostruxure-process-expert-for-aveva-system-platform/#software-and-firmware
• If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:• Recommended to apply application whitelisting at system level to allow execution of authenticated applications. More details available here: https://www.se.com/ww/en/download/document/EIO0000004778/ • Recommended to allow access to the system only to the required users.

Affected Vendors

Affected Products (4)

Affected Sectors

Critical Manufacturing, Energy, Commercial Facilities