CVE-2025-0813

Summary

CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to reboot the workstation and interrupt the normal boot process.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure Power Automation System User Interface (EPAS-UI) - Secured Versionsv2.1 up to and including v2.9affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References