PatchSiren cyber security CVE debrief
CVE-2025-1070 Schneider Electric CVE debrief
CVE-2025-1070 is a HIGH-severity vulnerability in Schneider Electric’s ASCO 5310 Single-Channel Remote Annunciator and ASCO 5350 Eight Channel Remote Annunciator. CISA and Schneider Electric describe it as a CWE-434 unrestricted upload of a file with a dangerous type, which could render the device inoperable when a malicious file is downloaded. The advisory was published on 2025-02-11. At publication, Schneider Electric said it was establishing a remediation plan for future versions and advised immediate mitigations to reduce exposure.
- Vendor: Schneider Electric
- Product: ASCO 5310 Single-Channel Remote Annunciator
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-11
- Original CVE updated: 2025-02-11
- Advisory published: 2025-02-11
- Advisory updated: 2025-02-11
Who should care
Organizations that operate Schneider Electric ASCO 5310 or ASCO 5350 remote annunciators, especially in industrial, facilities, utility, or other operational environments where the devices are network-connected or reachable over HTTP. Site operators, OT security teams, and maintenance teams responsible for device configuration and network segmentation should treat this as relevant.
Technical summary
The advisory identifies a CWE-434 unrestricted upload issue affecting all versions of the ASCO 5310 and ASCO 5350 remote annunciators. The provided impact statement says a malicious file download could render the device inoperable. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H, indicating network reachability, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality impact, and high integrity and availability impact. Schneider Electric’s mitigations focus on limiting network exposure, changing default passwords, and blocking unauthorized access to the device’s HTTP service on port 80.
Defensive priority
High. The issue is remotely reachable in typical networked deployments and has high integrity and availability impact. Because the vendor had no immediate fixed remediation at publication and instead recommended compensating controls, affected operators should prioritize exposure reduction and access control quickly.
Recommended defensive actions
- Restrict remote annunciators to a protected environment and ensure they are not reachable from the public internet or untrusted networks.
- Change default passwords on affected devices to reduce the risk of unauthorized access to settings and information.
- Implement network segmentation and firewall rules to block unauthorized access to the annunciator HTTP service on port 80.
- Review the Schneider Electric security notice and product installation manuals referenced in the advisory for deployment-specific guidance.
- Subscribe to Schneider Electric security notifications to track remediation availability and future updates.
- Use CISA industrial control system recommended practices and defense-in-depth guidance as part of the site’s compensating controls.
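Segmentation and firewall rules only help if they are verified. The following is an added example, not part of the advisory or any vendor tooling: it runs an allowlist check over constructed firewall log lines and flags any tcp/80 connection to an annunciator that did not originate from the approved maintenance subnet. The device addresses, the subnets and the key=value log format are assumptions for illustration.

```python
"""Flag HTTP (tcp/80) connections to annunciators from outside the approved
management network.

Added example, not from the advisory. ANNUNCIATORS, ALLOWED_SOURCES and the
log format are assumptions; SAMPLE_LOGS is constructed for the demonstration.
"""
import ipaddress
import re

# Assumed inventory: annunciator addresses on the site OT network.
ANNUNCIATORS = {
    ipaddress.ip_address("10.20.5.11"): "ASCO 5310 (panel A)",
    ipaddress.ip_address("10.20.5.12"): "ASCO 5350 (panel B)",
}
# Assumed policy: only the maintenance workstation subnet may reach the web UI.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.100.0/24")]

# Assumed key=value format written by a hypothetical perimeter firewall.
LOG_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)"
)

# Constructed sample lines (not real traffic).
SAMPLE_LOGS = """\
2025-02-12T08:01:03Z src=10.20.100.14 dst=10.20.5.11 proto=tcp dport=80 action=allow
2025-02-12T08:02:17Z src=192.0.2.45 dst=10.20.5.11 proto=tcp dport=80 action=allow
2025-02-12T08:02:18Z src=10.20.7.30 dst=10.20.5.12 proto=tcp dport=80 action=deny
2025-02-12T08:03:00Z src=10.20.100.14 dst=10.20.5.12 proto=tcp dport=502 action=allow
2025-02-12T08:04:41Z src=10.20.7.30 dst=10.20.5.12 proto=tcp dport=80 action=allow
"""


def is_allowed_source(addr) -> bool:
    return any(addr in net for net in ALLOWED_SOURCES)


def find_unauthorized_http(log_text: str) -> list:
    """Return one record per tcp/80 connection to an annunciator from a
    non-allowlisted source. Denied attempts are kept and marked, because a
    blocked attempt from an unexpected source still tells the operator the
    device is being reached for from somewhere it should not be."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # unparseable line: skipped, not silently accepted as safe
        dst = ipaddress.ip_address(m["dst"])
        if dst not in ANNUNCIATORS or m["proto"] != "tcp" or int(m["dport"]) != 80:
            continue
        src = ipaddress.ip_address(m["src"])
        if is_allowed_source(src):
            continue
        findings.append({
            "timestamp": line.split(" ", 1)[0],
            "src": str(src),
            "device": ANNUNCIATORS[dst],
            "blocked": m["action"] == "deny",
        })
    return findings


def unblocked_count(findings) -> int:
    """Number of findings where the firewall allowed the connection, i.e. the
    segmentation rule did not hold."""
    return sum(1 for f in findings if not f["blocked"])


if __name__ == "__main__":
    results = find_unauthorized_http(SAMPLE_LOGS)
    for f in results:
        state = "BLOCKED" if f["blocked"] else "ALLOWED (rule gap)"
        print(f'{f["timestamp"]} {f["src"]} -> {f["device"]} tcp/80: {state}')
    print(f"{unblocked_count(results)} unauthorized connection(s) got through")
```

In the constructed sample the check surfaces two connections that were allowed through from non-maintenance addresses, which is exactly the condition the port 80 rule in the advisory is meant to prevent; in practice the inventory and allowlist would come from the site's asset register and firewall policy rather than be hard-coded.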
Evidence notes
Source evidence comes from CISA’s CSAF advisory ICSA-25-077-05 and Schneider Electric’s referenced security notice. The advisory lists affected products as all versions of ASCO 5310 Single-Channel Remote Annunciator and ASCO 5350 Eight Channel Remote Annunciator. The stated weakness is CWE-434 unrestricted upload of dangerous file type, with the impact that a malicious file download could render the device inoperable. Schneider Electric’s remediation section says a fix was being planned for future versions, and immediate mitigations include protected-environment deployment, password changes, and blocking unauthorized HTTP access on port 80. No KEV entry was provided in the supplied corpus.
Official resources
- CVE-2025-1070 CVE record (CVE.org)
- CVE-2025-1070 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source references: seven reference links (link targets not preserved on this page)
Publicly disclosed on 2025-02-11 through CISA ICS Advisory ICSA-25-077-05 and Schneider Electric’s security notice SEVD-2025-042-01. The source revision history in the supplied corpus shows an original release at that time.