PatchSiren cyber security CVE debrief
CVE-2024-2658 Flexera CVE debrief
CVE-2024-2658 is a local privilege escalation issue disclosed by Revenera and republished by CISA/Schneider Electric. It affects multiple Schneider Electric EcoStruxure and related products, with several fixed versions available and interim hardening guidance for products that were not yet fully remediated at the time of publication.
- Vendor: Flexera
- Product: EcoStruxure™ Control Expert
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-01-14
- Original CVE updated: 2026-04-02
- Advisory published: 2025-01-14
- Advisory updated: 2026-04-02
Who should care
Administrators and engineers responsible for Schneider Electric EcoStruxure deployments, especially shared engineering workstations, OT/ICS endpoints, and systems where authenticated local users can log on.
Technical summary
The advisory describes a potential local privilege escalation in FlexNet Publisher, the Flexera licensing component bundled with the affected Schneider Electric software. The supplied CVSS data indicates local access, low attack complexity and no user interaction, and the vendor guidance emphasizes limiting which authenticated users can log on, enforcing User Account Control (UAC), and following workstation, network and site hardening practices. Schneider Electric provided fixed versions for several products, and later advisory revisions added remediations for further products in the line.
Defensive priority
High — prioritize engineering workstations and any OT endpoint where authenticated local access is possible, because the issue can lead to elevated privileges on affected systems.
Recommended defensive actions
- Upgrade affected Schneider Electric products to the vendor-fixed versions listed in the advisory, such as EcoStruxure Control Expert V16.2, Architecture Builder V7.0.18, Process Expert 2023 (v4.8.0.5715), OPC UA Server
- For products without an immediate fix at the time of deployment, apply Schneider Electric's mitigations: limit authenticated user access, enforce existing User Account Control practices, and follow the recommended hard-h
- Verify installed product versions against the advisory because coverage expanded across multiple revision cycles; some remediations were added after the initial publication.
- Reboot or restart the relevant service/system after installing updates where the vendor specifies it.
- For EcoStruxure Process Expert, follow the vendor installation guidance, including uninstalling the prior 2023 release before installing the fixed build where required.
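As an added example that is not part of the original debrief or of any Schneider Electric tooling, the following PowerShell check reads the Windows uninstall registry on an engineering workstation and compares the installed Schneider Electric products against the fixed versions named above. The registry DisplayName patterns are assumptions and should be adjusted to what the workstations actually report.

```powershell
# Added example, not from the advisory: compare installed Schneider Electric
# products with the fixed versions this debrief names for CVE-2024-2658.
# The DisplayName patterns are ASSUMED; confirm them on a real workstation.
# The Process Expert entry refers to the 2023 release line (v4.8.0.5715).
$Fixed = @(
    @{ Pattern = 'EcoStruxure Control Expert';       MinVersion = [version]'16.2' },
    @{ Pattern = 'EcoStruxure Architecture Builder'; MinVersion = [version]'7.0.18' },
    @{ Pattern = 'EcoStruxure Process Expert';       MinVersion = [version]'4.8.0.5715' }
)

# Query both the 64-bit and the 32-bit (WOW6432Node) uninstall hives; OT tooling is often 32-bit.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-VersionSafe {
    # Turn strings such as "V16.2" or "v4.8.0.5715" into a [version]; return $null if that fails.
    param([string]$Text)
    $clean = ($Text -replace '[^\d\.]', '').Trim('.')
    if ($clean -notmatch '\.') { $clean = "$clean.0" }   # [version] needs at least Major.Minor
    try { return [version]$clean } catch { return $null }
}

$installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

foreach ($f in $Fixed) {
    $hits = @($installed | Where-Object { $_.DisplayName -like "*$($f.Pattern)*" })
    if ($hits.Count -eq 0) { Write-Output "[info] $($f.Pattern): not installed"; continue }
    foreach ($h in $hits) {
        $v = ConvertTo-VersionSafe $h.DisplayVersion
        # An unparseable version is reported rather than silently treated as patched.
        if ($null -eq $v)                  { $status = 'UNKNOWN (unparseable version)' }
        elseif ($v -ge $f.MinVersion)      { $status = 'OK' }
        else                               { $status = 'NEEDS UPDATE' }
        Write-Output ('[{0}] {1} {2} (fixed: {3})' -f $status, $h.DisplayName, $h.DisplayVersion, $f.MinVersion)
    }
}
```

Products whose fixed versions are cut off in the list above are not covered; extend `$Fixed` from the current advisory revision before relying on the output.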
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-25-037-02 and the linked Schneider Electric security notice. The supplied source states that Revenera disclosed a potential local privilege escalation issue in FlexNet Publisher impacting Schneider Electric software. The advisory timeline shows the initial publication on 2025-01-14 and multiple later updates through 2026-04-02 that added remediation for additional products. The source corpus also contains both a CVSS v4.0 statement (8.5 High) and a CVSS v3.1 vector/score (7.8), so both are reflected in the corpus.
Official resources
- CVE-2024-2658 CVE record (CVE.org)
- CVE-2024-2658 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed on 2025-01-14 in the Revenera/Schneider Electric/CISA advisory set, with subsequent vendor and CISA updates adding more remediations through 2026-04-02.