CVE-2025-6788

Summary

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure™ Power Monitoring Expert2023 < Allaffected
Schneider ElectricEcoStruxure™ Power Monitoring Expert2023 R2 < Allaffected
Schneider ElectricEcoStruxure™ Power Monitoring Expert2024 < Allaffected
Schneider ElectricEcoStruxure™ Power Monitoring Expert2024 R2 < Allaffected
Schneider ElectricEcoStruxure™ Power Operation Advanced Reporting and Dashboards Module2022 w/ Advanced Reporting Module < Allaffected
Schneider ElectricEcoStruxure™ Power Operation Advanced Reporting and Dashboards Module2024 w/ Advanced Reporting Module < Allaffected

Weaknesses

  • CWE-668: CWE-668 Exposure of Resource to Wrong Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References