PatchSiren cyber security CVE debrief
CVE-2025-0813 Schneider Electric CVE debrief
CVE-2025-0813 is a medium-severity authentication bypass affecting Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI) versions 2.1 through 2.9. The issue is specifically tied to an attacker who has physical access to the EPAS-UI computer and can reboot the workstation and interrupt the normal boot process. Schneider Electric states that version 2.10 includes a fix, and CISA published the advisory on 2025-03-18.
- Vendor
- Schneider Electric
- Product
- EcoStruxure Power Automation System User Interface (EPAS-UI)
- CVSS
- MEDIUM 6.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-03-18
- Original CVE updated
- 2025-03-18
- Advisory published
- 2025-03-18
- Advisory updated
- 2025-03-18
Who should care
Industrial control system operators, plant engineers, OT administrators, and site security teams responsible for EPAS-UI deployments, especially where workstations are physically accessible or shared among multiple personnel.
Technical summary
The advisory describes an authentication bypass in EPAS-UI that can occur when an unauthorized user with no permission rights has physical access to the workstation, reboots it, and interrupts the normal boot process. The affected product range is EPAS-UI >= 2.1 and <= 2.9. The advisory lists CVSS v3.1 vector AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H with a score of 6.8, reflecting that the attack requires physical proximity but can have high impact if successful.
Defensive priority
Medium, with higher urgency for environments where EPAS-UI workstations are not strictly controlled physically or where local access cannot be reliably prevented.
Recommended defensive actions
- Upgrade EcoStruxure Power Automation System User Interface (EPAS-UI) to version 2.10, which Schneider Electric identifies as the fixed release.
- If immediate upgrading is not possible, apply the vendor mitigation to rename C:\MCIS\Bin\MCIS.chm to MCIS.old and restart the machine, following the advisory instructions exactly.
- Restrict physical access to EPAS-UI workstations and prevent unauthorized users from reaching the console or reboot controls.
- Apply ICS segmentation and minimize network exposure for control-system devices, consistent with the CISA and Schneider Electric guidance referenced in the advisory.
- Use locked cabinets and other physical controls for controllers and related OT assets where applicable.
- Review local administrative access and workstation boot protections as part of site hardening, since the attack path depends on interrupting the normal boot process.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-077-01 for Schneider Electric EPAS-UI, published 2025-03-18 and unchanged in the supplied metadata. The source data identifies affected versions as EPAS-UI 2.1 through 2.9 and provides the vendor remediation to install version 2.10. The CVSS v3.1 vector in the supplied corpus is AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, supporting the physical-access dependency described in the advisory. No KEV entry is included in the provided corpus.
Official resources
-
CVE-2025-0813 CVE record
CVE.org
-
CVE-2025-0813 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in CISA advisory ICSA-25-077-01 on 2025-03-18.