PatchSiren cyber security CVE debrief
CVE-2025-2002 Schneider Electric CVE debrief
CVE-2025-2002 is a medium-severity information disclosure issue in Schneider Electric EcoStruxure Panel Server. According to the advisory, FTP server credentials can be exposed when three conditions hold together: FTP is deployed, an administrative user places the device into debug mode, and debug files are then exported from the device. Schneider Electric provides a fix in EcoStruxure Panel Server firmware v2.1 or later; the advisory also calls out EcoStruxure Power Commission software v2.33.0 or later as part of the upgrade process.
- Vendor: Schneider Electric
- Product: EcoStruxure Panel Server
- CVSS: 6.0 MEDIUM (CVSS v3.1 base score)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-11
- Original CVE updated: 2025-03-11
- Advisory published: 2025-03-11
- Advisory updated: 2025-03-11
Who should care
Administrators and operators of Schneider Electric EcoStruxure Panel Server deployments, especially OT/ICS environments where debug mode may be used and debug exports are collected for support or troubleshooting. Security teams responsible for device hardening, credential management, and firmware updates should also prioritize review.
Technical summary
The source advisory maps this issue to CWE-532, insertion of sensitive information into log files. Affected product coverage in the CSAF entry is Schneider Electric EcoStruxure Panel Server version v2.0 and prior. The exposure condition described by the vendor and CISA requires three things together: the FTP server is deployed, an administrative user places the device in debug mode, and the debug files are exported from the device; the exported files can then reveal the FTP server credentials. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N: local attack vector, low attack complexity, high privileges required, no user interaction, changed scope, high confidentiality impact, and no integrity or availability impact. That vector computes to a base score of 6.0, which matches the MEDIUM rating above.
Defensive priority
Medium. The issue requires privileged administrative actions and specific device conditions, but the disclosed impact is sensitive credential exposure in an industrial product. Apply the vendor fix where possible, and otherwise disable debug mode as recommended by the advisory.
Recommended defensive actions
- Upgrade EcoStruxure Panel Server firmware to version v2.1 or later.
- Upgrade EcoStruxure Power Commission software to version 2.33.0 or later as part of the remediation path.
- If remediation cannot be applied immediately, ensure debug mode is turned off to prevent credential exposure.
- Treat any previously exported debug files as sensitive artifacts: review them for FTP credentials, restrict who can access them, and rotate the FTP credentials if an export may already have left trusted hands (for example, one attached to a support case).
- Follow CISA industrial control system recommended practices for defense-in-depth and device hardening.
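As an added example for the debug-export review step (not Schneider Electric code, and not based on a real Panel Server export, whose file layout the advisory does not describe), the following Python scans exported text files for credential-looking FTP material and reports each hit with the secret masked, so the triage output itself can be shared with a support or security team without re-leaking the credential. The sample log lines, the key names it looks for (password, passwd, pwd, pass, secret, optionally prefixed with ftp) and the ftp://user:secret@host URL form are all assumptions made for the demonstration.

```python
"""Triage of exported debug files for leaked FTP credentials.

Added example for the defensive action above. It is not Schneider Electric
code; the real layout of a Panel Server debug export is not documented in
the advisory, so the sample lines and the patterns below are assumptions.
"""
import re
from pathlib import Path
from typing import Iterable, List, NamedTuple


class Finding(NamedTuple):
    source: str    # file name or label of the scanned input
    line_no: int   # 1-based line number within that input
    kind: str      # "ftp-url" or "key-value"
    redacted: str  # matched text with the secret replaced by asterisks


# ftp://user:secret@host... : credentials embedded in a URL (assumed form).
FTP_URL = re.compile(r"ftp://([^/\s:@]+):([^@\s]+)@", re.IGNORECASE)

# key = value pairs with credential-like keys; the key names are assumptions.
KV = re.compile(
    r"\b((?:ftp[._-]?)?(?:password|passwd|pwd|pass|secret))"
    r"\s*[:=]\s*[\"']?([^\"'\s,;]+)",
    re.IGNORECASE,
)


def redact(secret: str) -> str:
    """Keep only the length so a reviewer can tell a real value was present."""
    return "*" * len(secret)


def scan_lines(lines: Iterable[str], source: str = "<lines>") -> List[Finding]:
    """Scan text lines and return one Finding per credential-looking match."""
    findings: List[Finding] = []
    for n, line in enumerate(lines, 1):
        for m in FTP_URL.finditer(line):
            masked = f"ftp://{m.group(1)}:{redact(m.group(2))}@"
            findings.append(Finding(source, n, "ftp-url", masked))
        for m in KV.finditer(line):
            key, value = m.group(1), m.group(2)
            findings.append(Finding(source, n, "key-value", f"{key}={redact(value)}"))
    return findings


def scan_export(root: Path,
                suffixes=(".log", ".txt", ".cfg", ".json", ".xml")) -> List[Finding]:
    """Walk an unpacked export directory and scan every text-like file.
    Bytes that do not decode as UTF-8 are replaced rather than aborting the scan."""
    out: List[Finding] = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in suffixes:
            text = p.read_text(encoding="utf-8", errors="replace")
            out.extend(scan_lines(text.splitlines(), str(p.relative_to(root))))
    return out


# Constructed sample lines standing in for an exported debug log (not real data).
SAMPLE_EXPORT = [
    "2025-03-11T10:02:13Z INFO  system: debug mode enabled by admin",
    "2025-03-11T10:02:14Z INFO  ftp: service started on port 21",
    "2025-03-11T10:02:14Z DEBUG ftp: config user=panelftp password=Spr1ng!2025",
    "2025-03-11T10:02:15Z DEBUG export: target ftp://panelftp:Spr1ng!2025@10.0.5.20/exports",
    "2025-03-11T10:02:16Z INFO  web: session timeout=900",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_EXPORT, "constructed-debug.log"):
        print(f"{f.source}:{f.line_no} [{f.kind}] {f.redacted}")
```

Run scan_export against the directory where an export was unpacked; any finding means the export should be handled as a credential leak from that point on, and the masked output is what goes into the ticket, not the original line.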
Evidence notes
This debrief is based only on the supplied CISA CSAF advisory ICSA-25-077-04 and the Schneider Electric security notice references in the source corpus. The advisory states: 'CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device.' The CSAF identifies Schneider Electric EcoStruxure Panel Server version v2.0 and prior as affected and lists v2.1 or later as the fix.
Official resources
- CVE-2025-2002 CVE record (CVE.org)
- CVE-2025-2002 NVD detail (NVD)
- Source item URL: cisa_csaf (CISA CSAF advisory ICSA-25-077-04)
Publicly disclosed on 2025-03-11 in the CISA CSAF advisory ICSA-25-077-04 and the associated Schneider Electric security notice. No KEV entry is listed in the supplied corpus.