CVE-2025-9997

Summary

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricSaitel DR RTUall versions <= 11.06.29affected
Schneider ElectricSaitel DP RTUall versions <= 11.06.33affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References