PatchSiren cyber security CVE debrief
CVE-2024-12703 Schneider Electric CVE debrief
CVE-2024-12703 is a CWE-502 deserialization of untrusted data issue in Schneider Electric RemoteConnect and SCADAPack™ x70 Utilities. According to the CISA CSAF advisory ICSA-25-028-06, a non-admin authenticated user opening a malicious project file can trigger loss of confidentiality and integrity, with potential remote code execution on the workstation. The advisory was first published on 2025-01-14 and later updated on 2026-01-29. Schneider Electric states that RemoteConnect versions prior to R3.4.2 are affected and that RemoteConnect R3.4.2 includes a fix. Security Administrator is also listed as affected across all versions, with mitigations provided while a remediation plan is pending.
- Vendor
- Schneider Electric
- Product
- RemoteConnect and SCADAPack™ x70 Utilities - RemoteConnect
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-01-14
- Original CVE updated
- 2026-01-29
- Advisory published
- 2025-01-14
- Advisory updated
- 2026-01-29
Who should care
Organizations that use Schneider Electric RemoteConnect or SCADAPack™ x70 Utilities, especially engineering, operations, and support teams that open or exchange project files. Security teams responsible for workstation hardening, file integrity controls, and ICS software patch management should prioritize this advisory.
Technical summary
The vulnerability is a deserialization weakness in project file handling. The described attack path requires a non-admin authenticated user to open a malicious project file, at which point the flaw can affect confidentiality and integrity and may lead to remote code execution on the workstation. The advisory maps the issue to CWE-502 and lists CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (7.8 HIGH). A fixed RemoteConnect release is available in R3.4.2; Security Administrator remains pending remediation, with interim mitigations recommended by the vendor.
Defensive priority
High priority. Apply the RemoteConnect fix promptly if the product is in use, and for Security Administrator use the vendor mitigations until an updated release is available. Because the trigger involves opening a malicious project file, file provenance and integrity controls are immediately relevant.
Recommended defensive actions
- Upgrade RemoteConnect to version R3.4.2 or later using the vendor-provided fix.
- For Security Administrator, apply Schneider Electric's interim mitigations until a remediation is released.
- Only open project files from trusted sources.
- Compute and verify file hashes before opening project files.
- Encrypt stored project files and restrict access to trusted users only.
- Use secure communication protocols when exchanging files over the network.
- Follow Schneider Electric's SCADAPack™ Security Guidelines and CISA ICS recommended practices.
Evidence notes
All claims are drawn from the supplied CISA CSAF advisory metadata and the referenced Schneider Electric notice. The affected versions, remediation status, and mitigation language come from the advisory content; the CVSS vector and CWE mapping come from the provided source corpus. No exploit details beyond the advisory's user-opening scenario are included.
Official resources
-
CVE-2024-12703 CVE record
CVE.org
-
CVE-2024-12703 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory on 2025-01-14 and republished it on 2026-01-29 after Schneider Electric's update. The source corpus does not provide a separate public exploit disclosure date.