CVE-2025-0327
8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when an attacker with standard privilege modifies the executable path of the windows services. To be exploited, services need to be restarted.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Schneider Electric | EcoStruxure Process Expert | Versions 2020R2 | affected |
| Schneider Electric | EcoStruxure Process Expert | Versions 2021 & 2023 (prior to v4.8.0.5715) | affected |
| Schneider Electric | EcoStruxure Process Expert for AVEVA System Platform | Versions 2020R2 | affected |
| Schneider Electric | EcoStruxure Process Expert for AVEVA System Platform | Versions 2021 & 2023 | affected |
Weaknesses
- CWE-269: CWE-269 Improper Privilege Management
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.