CVE-2025-0327

Summary

CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when an attacker with standard privilege modifies the executable path of the windows services. To be exploited, services need to be restarted.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure Process ExpertVersions 2020R2affected
Schneider ElectricEcoStruxure Process ExpertVersions 2021 & 2023 (prior to v4.8.0.5715)affected
Schneider ElectricEcoStruxure Process Expert for AVEVA System PlatformVersions 2020R2affected
Schneider ElectricEcoStruxure Process Expert for AVEVA System PlatformVersions 2021 & 2023affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References