PatchSiren cyber security CVE debrief

CVE-2023-50447 Schneider Electric CVE debrief

CVE-2023-50447 is a high-severity advisory published by CISA on 2025-07-22 and updated on 2026-02-25. The supplied source ties it to Schneider Electric EcoStruxure Power Operation (EPO) 2022 through CU6 and EPO 2024 through CU1, while the CVE description says Pillow 10.1.0’s PIL.ImageMath.eval can allow arbitrary code execution via the environment parameter, distinct from CVE-2022-22817.

Vendor: Schneider Electric
Product: EcoStruxure Power Operation (EPO) 2022
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-07-22
Original CVE updated: 2026-02-25
Advisory published: 2025-07-22
Advisory updated: 2026-02-25

Who should care

Schneider Electric EcoStruxure Power Operation operators, OT/ICS administrators, integrators, and defenders responsible for systems that use the affected EPO releases or the related PostgreSQL-dependent features.

Technical summary

The advisory’s CVSS 3.1 vector is AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (8.1 HIGH), indicating a network-reachable issue with no privileges or user interaction required, but with high attack complexity. The source describes an arbitrary-code-execution condition in PIL.ImageMath.eval through the environment parameter and distinguishes it from CVE-2022-22817, which involved the expression parameter. The remediation guidance focuses on vendor updates, PostgreSQL hardening, and standard ICS isolation practices.

Defensive priority

High — prioritize affected EPO deployments and any systems using the referenced components, especially where patching or PostgreSQL changes are pending.

Recommended defensive actions

  • Apply Schneider Electric’s vendor remediation for the affected EPO release; the source states that EcoStruxure Power Operation 2022 CU7 includes an updated PostgreSQL version.
  • Follow Schneider Electric’s guidance to back up systems and test patches in a non-production or offline environment before deployment.
  • If waveform analysis and ETAP simulation features are not used, uninstall PostgreSQL as recommended in the advisory.
  • If waveform analysis or ETAP simulation features are used, restrict PostgreSQL connections to localhost only and update PostgreSQL 14.10 to 14.17 or later, per the advisory.
  • Segment control and safety networks behind firewalls and minimize Internet exposure for affected systems.
  • Use secure remote-access methods such as VPNs only when needed, and keep them current.
  • Consult the Schneider Electric support contacts and linked security advisory for release-specific recovery and removal guidance.
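The interim PostgreSQL guidance above (loopback-only listeners and clients, version 14.17 or later) as a configuration check. This is an added example, not code from PatchSiren, CISA or Schneider Electric; the postgresql.conf and pg_hba.conf fragments and the version strings are constructed samples.

```python
# Added example, not from the advisory or the vendor: flag a PostgreSQL instance
# that does not yet meet the interim guidance (loopback-only listeners/clients,
# 14.17 or later). Inputs are constructed sample config text, not real files.
import re

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
MIN_PG = (14, 17)  # advisory: update PostgreSQL 14.10 to 14.17 or later

def listen_addresses(conf_text):
    """Effective listen_addresses from postgresql.conf (last uncommented setting wins)."""
    value = "localhost"  # PostgreSQL's compiled-in default
    for line in conf_text.splitlines():
        m = re.match(r"listen_addresses\s*=\s*'([^']*)'", line.split("#", 1)[0].strip())
        if m:
            value = m.group(1)
    return [a.strip() for a in value.split(",") if a.strip()]

def non_local_hba_entries(hba_text):
    """pg_hba.conf TCP rules whose client address is not a loopback range."""
    findings = []
    for line in hba_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 5 and parts[0] in ("host", "hostssl", "hostnossl"):
            if parts[3].split("/")[0] not in LOOPBACK:
                findings.append(" ".join(parts))
    return findings

def version_ok(version):
    """True when a 'major.minor[.patch]' string is at least 14.17."""
    major, minor = (int(x) for x in version.split(".")[:2])
    return (major, minor) >= MIN_PG

def assess(conf_text, hba_text, version):
    """Return a list of findings; an empty list means the interim guidance is met."""
    issues = [f"listen_addresses exposes non-loopback address: {a}"
              for a in listen_addresses(conf_text) if a not in LOOPBACK]
    issues += [f"pg_hba.conf admits remote clients: {r}" for r in non_local_hba_entries(hba_text)]
    if not version_ok(version):
        issues.append(f"PostgreSQL {version} is below 14.17")
    return issues

# Constructed samples: the weak pair listens on every interface and admits any client.
WEAK_CONF = "listen_addresses = '*'   # every interface\nport = 5432\n"
WEAK_HBA = "host all all 0.0.0.0/0 md5\nhost all all 127.0.0.1/32 scram-sha-256\n"
FIXED_CONF = "listen_addresses = 'localhost'\n"
FIXED_HBA = "host all all 127.0.0.1/32 scram-sha-256\nhost all all ::1/128 scram-sha-256\n"

if __name__ == "__main__":
    print("weak:", assess(WEAK_CONF, WEAK_HBA, "14.10"))
    print("fixed:", assess(FIXED_CONF, FIXED_HBA, "14.17") or "no findings")
```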

Evidence notes

All substantive claims come from the supplied CSAF source item and its referenced official links. The corpus explicitly lists the affected products, the revision history (initial publication on 2025-07-22 and Update A on 2026-02-25), the CVSS vector, the Pillow ImageMath.eval description, and the vendor remediation guidance. The source text does not explain the component relationship between Schneider Electric EPO and Pillow, so this debrief avoids asserting details beyond what is stated. No KEV entry, exploitation-in-the-wild note, or ransomware linkage was provided.

Official resources

Publicly disclosed through CISA’s CSAF advisory on 2025-07-22 and revised with Update A on 2026-02-25. The provided enrichment indicates no Known Exploited Vulnerabilities listing.