PatchSiren cyber security CVE debrief
CVE-2025-2442 Schneider Electric CVE debrief
CVE-2025-2442 is a medium-severity issue in Schneider Electric’s Trio™ Q Licensed Data Radio. According to the CISA advisory and Schneider Electric remediation notice, a malicious user with physical access can set the radio to factory default mode, creating a condition that may allow unauthorized access and impact confidentiality, integrity, and availability. Schneider Electric has issued firmware version 2.7.2 to address the issue.
- Vendor: Schneider Electric
- Product: Trio™ Q Licensed Data Radio
- CVSS: MEDIUM 6.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-08
- Original CVE updated: 2025-04-08
- Advisory published: 2025-04-08
- Advisory updated: 2025-04-08
Who should care
OT/ICS asset owners, plant operators, maintenance teams, and field technicians responsible for Schneider Electric Trio™ Q Licensed Data Radio deployments, especially where devices may be physically reachable or handled during service.
Technical summary
The advisory identifies CWE-1188, initialization of a resource with an insecure default. The affected scope is Schneider Electric Trio™ Q Licensed Data Radio versions prior to 2.7.2. The published CVSS v3.1 vector is AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (6.8), reflecting that exploitation requires physical access but can lead to high impacts if the device is reset into its factory default mode. Vendor remediation is firmware 2.7.2, with verification guidance provided in the Trio Q Series Data Radio User Manual.
Defensive priority
Medium. The issue requires physical access, which lowers remote exposure, but the impact can be significant in operational environments if unauthorized local access is possible. Prioritize devices in shared, unattended, or field-deployed locations.
Recommended defensive actions
- Upgrade Trio™ Q Licensed Data Radio firmware to version 2.7.2 or later using the vendor-provided update package.
- Follow Section 10 Part J, Firmware Updating and Maintenance, in the Trio Q Series Data Radio User Manual to download, install, and verify the updated firmware.
- Verify firmware integrity using the hash published with the release notes before deployment.
- Restrict physical access to installed radios and place them in secure locations where practical.
- Securely dispose of radios when decommissioned to reduce the chance of unauthorized physical access.
- Use the vendor’s documented firmware update process and confirm the installed version after maintenance.
Evidence notes
The supplied CISA CSAF advisory (ICSA-25-107-01) and Schneider Electric references are both dated 2025-04-08, which is used here as the disclosure date. The affected product is listed as Schneider Electric Trio™ Q Licensed Data Radio, versions prior to 2.7.2. The vendor remediation explicitly names firmware v2.7.2 as the fix and provides update-verification guidance. No CISA KEV listing was included in the supplied data.
Official resources
- CVE-2025-2442 CVE record (CVE.org)
- CVE-2025-2442 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed by CISA and Schneider Electric on 2025-04-08 as ICSA-25-107-01 / CVE-2025-2442. The supplied data does not list this CVE in CISA KEV.