PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-1058 Schneider Electric CVE debrief

CVE-2025-1058 is a high-severity firmware integrity issue affecting the Schneider Electric ASCO 5310 Single-Channel Remote Annunciator and ASCO 5350 Eight Channel Remote Annunciator, all versions. It is classified as CWE-494: Download of Code Without Integrity Check: the device does not sufficiently verify firmware it downloads, so malicious firmware could be accepted and render the device inoperable. Schneider Electric’s notice says a remediation plan is being established for future versions, so at publication the guidance consisted of immediate mitigations: limiting network exposure, changing default passwords, and blocking unauthorized HTTP access.

Vendor
Schneider Electric
Product
ASCO 5310 Single-Channel Remote Annunciator; ASCO 5350 Eight Channel Remote Annunciator
CVSS
HIGH 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
CISA KEV
Not listed in stored evidence
Original CVE published
2025-02-11
Original CVE updated
2025-02-11
Advisory published
2025-02-11
Advisory updated
2025-02-11

Who should care

OT/ICS asset owners, plant and facilities teams, system integrators, network and firewall administrators, and incident responders responsible for Schneider Electric ASCO 5310/5350 remote annunciators.

Technical summary

The advisory describes a code-download integrity weakness: firmware delivered to the device may be accepted without sufficient integrity validation. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H: network attack vector, low attack complexity, low privileges required (an authenticated user, which is why the default-password guidance matters), no user interaction, unchanged scope, no confidentiality impact, and high integrity and availability impact. The vendor and CISA references identify two affected products, the ASCO 5310 Single-Channel Remote Annunciator and the ASCO 5350 Eight Channel Remote Annunciator, both affected in all versions.
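To make the CWE-494 pattern concrete, here is an added example that is not Schneider Electric's code and does not reflect the ASCO firmware format; the ANNC header layout, sizes and keys are constructed for illustration. It places a firmware-acceptance handler that relies only on a CRC32, which any attacker can recompute after editing the payload, beside one that authenticates the header and payload before parsing or trusting any of it. HMAC-SHA256 stands in for the asymmetric signature (ECDSA or Ed25519 with the public key baked into ROM) a real device should use, so that no signing secret has to live on the device.

```python
"""CWE-494 in miniature: a firmware handler that only checks a CRC, beside one that
authenticates the image before trusting any byte of it.  Added example; the image
format (ANNC header), sizes and keys are constructed and are not the ASCO format."""
import hashlib
import hmac
import struct
import zlib

MAGIC = b"ANNC"
HEADER = struct.Struct(">4sIII")  # magic | version | payload_len | crc32, big-endian
TAG_LEN = 32                      # HMAC-SHA256 tag appended after the payload
MAX_PAYLOAD = 1 << 20             # hypothetical flash partition size


class RejectedImage(Exception):
    """Raised when an image must not be written to flash."""


def parse_header(blob: bytes):
    """Decode and bounds-check the header; returns (version, payload_len, crc32)."""
    if len(blob) < HEADER.size:
        raise RejectedImage("truncated header")
    magic, version, length, crc = HEADER.unpack_from(blob, 0)
    if magic != MAGIC:
        raise RejectedImage("bad magic")
    if length > MAX_PAYLOAD or HEADER.size + length > len(blob):
        raise RejectedImage("payload length out of range")
    return version, length, crc


def accept_vulnerable(image: bytes) -> bytes:
    """CWE-494: CRC32 detects corruption, not tampering; an attacker recomputes it trivially."""
    _version, length, crc = parse_header(image)
    payload = image[HEADER.size:HEADER.size + length]
    if zlib.crc32(payload) != crc:
        raise RejectedImage("crc mismatch")
    return payload  # the real device would now erase and write flash


def accept_hardened(image: bytes, verify_key: bytes) -> bytes:
    """Verify the authentication tag over everything else first; parse only afterwards.

    HMAC-SHA256 with a device-held key is a stand-in for an asymmetric signature
    (ECDSA/Ed25519 with the public key in ROM), which a real device should use so
    that no signing secret ever lives on the device.
    """
    if len(image) < HEADER.size + TAG_LEN:
        raise RejectedImage("truncated image")
    signed_region, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(verify_key, signed_region, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time compare
        raise RejectedImage("authentication failed")
    _version, length, crc = parse_header(signed_region)
    if HEADER.size + length != len(signed_region):
        raise RejectedImage("unexpected bytes inside signed region")
    payload = signed_region[HEADER.size:]
    if zlib.crc32(payload) != crc:
        raise RejectedImage("crc mismatch")
    return payload


def build_image(payload: bytes, version: int, sign_key: bytes) -> bytes:
    """Vendor-side packer (constructed): header + payload + tag."""
    body = HEADER.pack(MAGIC, version, len(payload), zlib.crc32(payload)) + payload
    return body + hmac.new(sign_key, body, hashlib.sha256).digest()


def demo() -> dict:
    """Genuine image vs. the same image with one payload byte flipped and the CRC fixed up."""
    key = b"constructed-vendor-key"
    genuine = build_image(b"\x01" * 64, version=2, sign_key=key)

    tampered = bytearray(genuine)
    tampered[HEADER.size] ^= 0xFF                                  # attacker edits payload
    new_crc = zlib.crc32(bytes(tampered[HEADER.size:HEADER.size + 64]))
    struct.pack_into(">I", tampered, 12, new_crc)                  # and repairs the CRC
    tampered = bytes(tampered)

    def accepted(handler, img) -> bool:
        try:
            handler(img)
            return True
        except RejectedImage:
            return False

    return {
        "vulnerable_accepts_tampered": accepted(accept_vulnerable, tampered),
        "hardened_accepts_tampered": accepted(lambda i: accept_hardened(i, key), tampered),
        "hardened_accepts_genuine": accepted(lambda i: accept_hardened(i, key), genuine),
    }


if __name__ == "__main__":
    print(demo())
```

Two design points carry over to real devices: the tag is verified over the whole signed region before the header is parsed, so a forged length field never steers the parser, and the check happens before any flash erase, so a rejected image cannot leave the device in the inoperable state the advisory warns about.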

Defensive priority

High priority for any environment where these annunciators are reachable from operational, enterprise, or untrusted networks: the advisory indicates a path to device inoperability, and no fixed firmware was available at publication. Because the vector requires only low privileges, an annunciator still running default credentials is effectively attackable by anyone who can reach its HTTP interface.

Recommended defensive actions

  • Inventory all Schneider Electric ASCO 5310 and ASCO 5350 remote annunciators and record which networks can reach each one, including any path from the enterprise network.
  • Place the devices in a protected, segmented environment with no public internet exposure.
  • Change the default passwords on every annunciator; because the CVSS vector requires low privileges, default credentials remove the only barrier the vector assumes.
  • Restrict TCP/80 (HTTP) on the annunciators with firewall rules so that only the hosts that legitimately manage them can connect.
  • Apply the vendor remediation when Schneider Electric releases it for future versions, and plan the firmware update through the same restricted management path.
  • Subscribe to Schneider Electric security notifications to receive advisory updates and remediation status.

Evidence notes

CISA CSAF advisory ICSA-25-077-05 and Schneider Electric security notice SEVD-2025-042-01 both describe the issue as CWE-494 and list the affected products as Schneider Electric ASCO 5310 Single-Channel Remote Annunciator and ASCO 5350 Eight Channel Remote Annunciator, all versions. The advisory states that malicious firmware downloads could render the device inoperable and that Schneider Electric was establishing a remediation plan for future versions. The mitigation text in the source specifically recommends protected deployment, password changes, network segmentation, and blocking unauthorized access to port 80/HTTP.

Official resources

Publicly disclosed on 2025-02-11 in Schneider Electric security notice SEVD-2025-042-01; the same issue is tracked in CISA advisory ICSA-25-077-05. The source record shows an original release revision dated the same day.