PatchSiren cyber security CVE debrief
CVE-2025-46818 Schneider Electric CVE debrief
CVE-2025-46818 is a medium-severity issue affecting Schneider Electric ProLeiT Plant iT/Brewmaxx in the advisory published by CISA on 2026-01-13. Schneider Electric’s fix, ProLeiT-2025-001, is intended to reduce risk by disabling Redis eval commands on affected components and enforcing secure Redis configuration templates. The advisory applies to Application Server, VisuHub, Engineering Workstations, and workstations with emergency mode functionality.
- Vendor: Schneider Electric
- Product: ProLeiT
- CVSS: MEDIUM 6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-13
- Original CVE updated: 2026-03-24
- Advisory published: 2026-01-13
- Advisory updated: 2026-03-24
Who should care
Operators and administrators responsible for Schneider Electric ProLeiT Plant iT/Brewmaxx deployments should pay attention, especially teams managing Application Server, VisuHub, Engineering Workstations, and emergency-mode workstations in OT environments. Security teams supporting these systems should also verify patch status and Redis configuration.
Technical summary
The supplied CSAF advisory identifies CVE-2025-46818 with CVSS 3.1 vector AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N, indicating a locally reachable, high-complexity issue that requires low privileges and user interaction. The remediation states that patch ProLeiT-2025-001 disables Redis eval commands on specific ProLeiT components and instructs administrators to force secure Redis configuration templates and restart patched servers and workstations. The corpus does not provide a fuller root-cause narrative beyond the Redis-related mitigation.
Defensive priority
Moderate. The score is medium and the attack conditions are constrained, but the impact to confidentiality and integrity is high. Prioritize patching if you operate the affected ProLeiT versions or exposed Redis-related components in production OT environments.
Recommended defensive actions
- Install Schneider Electric patch ProLeiT-2025-001 through ProLeiT Support for affected systems.
- Apply the patch on Application Server, VisuHub, Engineering Workstations, and workstations with emergency mode functionality as applicable.
- Force the use of secure Redis configuration templates in system settings, as documented in the patch manual.
- Restart all patched servers and workstations after applying the fix.
- Verify whether your environment runs Schneider Electric ProLeiT Plant iT/Brewmaxx versions covered by the advisory, including the version range the CSAF record gives as vers:intdot/>=9.60.
- Monitor CISA and Schneider Electric advisory pages for any follow-up revisions or additional guidance.
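One way to check the Redis side of these actions after patching is to audit the effective redis.conf for eval commands that are still callable. This is an added example, not code from the advisory or from Schneider Electric. It assumes the commands would be disabled through one of two standard Redis mechanisms (`rename-command <cmd> ""` or ACL `user` rules), since the advisory does not say which the templates use; the sample configurations and the user name `plant` are constructed.

```python
import shlex

# Assumption: "eval commands" = Redis's EVAL family; the advisory gives no list.
EVAL_COMMANDS = ("eval", "evalsha", "eval_ro", "evalsha_ro")

# Constructed samples, not Schneider Electric's configuration templates.
WEAK_CONF = '''
bind 127.0.0.1
requirepass "example-only"
rename-command EVAL ""
'''
HARDENED_CONF = '''
bind 127.0.0.1
user default off
user plant on >example-only ~* +@all -@scripting
'''

def eval_exposure(conf_text, commands=EVAL_COMMANDS):
    """Map each enabled ACL user to the eval commands it can still call."""
    removed, users = set(), {}
    for raw in conf_text.splitlines():
        tok = shlex.split(raw) if not raw.lstrip().startswith("#") else []
        if not tok:
            continue
        key = tok[0].lower()
        if key == "rename-command" and len(tok) == 3 and tok[2] == "":
            removed.add(tok[1].lower())   # renamed to "" = command removed
        elif key == "user" and len(tok) >= 2:
            users.setdefault(tok[1], []).extend(tok[2:])
    # Without a "user default" line, the default user keeps full command access.
    users.setdefault("default", ["on", "+@all"])
    exposed = {}
    for name, rules in users.items():
        enabled, allowed = False, set()
        for r in (t.lower() for t in rules):   # ACL rules apply left to right
            if r in ("on", "off"):
                enabled = r == "on"
            elif r == "reset":
                enabled, allowed = False, set()
            elif r in ("-@all", "nocommands", "-@scripting"):
                allowed.clear()
            elif r == "allcommands" or r.startswith("+@"):
                allowed |= set(commands)  # any category grant counted, to over-report
            elif r[:1] in ("+", "-") and r[1:] in commands:
                (allowed.add if r[0] == "+" else allowed.discard)(r[1:])
        live = sorted(allowed - removed)
        if enabled and live:
            exposed[name] = live
    return exposed
```

An empty result means no enabled user can reach the listed commands. The weak sample shows the common gap where only `EVAL` is removed and its sibling commands stay callable by the implicit default user.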
Evidence notes
This debrief is based only on the supplied CISA CSAF advisory metadata and listed references. The corpus explicitly links CVE-2025-46818 to Schneider Electric ProLeiT Plant iT/Brewmaxx and to patch ProLeiT-2025-001, with mitigation steps focused on disabling Redis eval commands and enforcing secure Redis templates. No exploit procedure, weaponized reproduction, or unsupported root-cause details are included.
Official resources
- CVE-2025-46818 CVE record (CVE.org)
- CVE-2025-46818 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA’s CSAF advisory for CVE-2025-46818 was published on 2026-01-13 and republished on 2026-03-24 as part of the Schneider Electric CPCERT SEVD-2026-013-01 advisory update. No CISA KEV listing is provided in the supplied corpus.