PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-49844 Schneider Electric CVE debrief

CVE-2025-49844 is a critical advisory for Schneider Electric ProLeiT Plant iT/Brewmaxx. The source material ties the issue to a patch that disables Redis eval commands across several ProLeiT components, indicating a high-impact flaw that can be addressed through vendor-provided remediation. The published CVSS score is 10.0 (CRITICAL), reflecting a network attack vector, no privileges required, no user interaction, changed scope, and high impact to confidentiality, integrity, and availability. Because the official material emphasizes configuration hardening and patching, defenders should treat this as an urgent maintenance item for exposed or operational ProLeiT environments, especially where the affected Application Server, VisuHub, Engineering Workstations, or emergency-mode workstations are in use.

Vendor: Schneider Electric
Product: ProLeiT
CVSS: 10.0 (CRITICAL)
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-13
Original CVE updated: 2026-03-24
Advisory published: 2026-01-13
Advisory updated: 2026-03-24

Who should care

Industrial control system operators, OT security teams, and administrators responsible for Schneider Electric ProLeiT Plant iT/Brewmaxx deployments, especially environments using the affected components listed in the vendor patch guidance.

Technical summary

The supplied advisory data indicates a critical remote issue affecting Schneider Electric ProLeiT Plant iT/Brewmaxx versions at or above the affected range described in the CSAF record. The vendor remediation for Patch ProLeiT-2025-001 specifically instructs administrators to disable Redis eval commands on the Application Server, VisuHub, Engineering Workstations, and Workstations with emergency mode functionality, force secure Redis configuration templates, and restart patched servers and workstations. The CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, so the risk profile is consistent with a remotely reachable, no-authentication, no-user-interaction issue with severe enterprise impact.

Defensive priority

Immediate. Apply the vendor patch and configuration changes as soon as practical, then validate that secure Redis templates are enforced and all patched systems are restarted.

Recommended defensive actions

  • Install Patch ProLeiT-2025-001 from Schneider Electric support.
  • Disable Redis eval commands on the affected ProLeiT components exactly as directed in the patch guidance.
  • Force secure Redis configuration templates in system settings as documented by the vendor.
  • Restart all patched servers and workstations after applying the fix.
  • Verify which ProLeiT Plant iT/Brewmaxx systems are in scope, including Application Server, VisuHub, Engineering Workstations, and emergency-mode workstations.
  • Monitor for any abnormal activity on affected OT assets until remediation is complete.
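The patch guidance above tells administrators to disable Redis eval commands and enforce a secure Redis configuration template, but the page does not state which Redis mechanism the vendor template uses. The following is an added verification helper, not PatchSiren's or Schneider Electric's code: it audits a redis.conf for the two standard Redis ways of switching Lua scripting off (renaming EVAL, EVALSHA, EVAL_RO, EVALSHA_RO and SCRIPT to an empty name with `rename-command`, or denying them to the default user through an ACL rule such as `-@scripting`) and reports which scripting commands remain reachable. The sample configuration texts are constructed for the example; the vendor's own template remains the authority for what the patched hosts should contain.

```python
"""Audit a redis.conf for settings that disable Lua scripting commands.

Added verification helper (assumed mechanisms, not the vendor's tooling):
  * rename-command <COMMAND> ""   renames the command to nothing, disabling it
  * ACL rules on the default user, e.g. -@scripting or -eval
ACL rules are order dependent, and this evaluator applies them in order.
"""
import shlex

# Redis commands that execute or manage Lua scripts
SCRIPTING_COMMANDS = ("EVAL", "EVALSHA", "EVAL_RO", "EVALSHA_RO", "SCRIPT")


def _parse_lines(conf_text):
    """Yield token lists for each non-blank, non-comment config line.

    shlex handles quoted arguments such as "" the way Redis's parser does.
    """
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        yield shlex.split(line)


def _apply_acl_rules(rules, allowed):
    """Apply ACL selector tokens (everything after 'user <name>') in order."""
    for tok in rules:
        low = tok.lower()
        if low in ("allcommands", "+@all", "+@scripting"):
            allowed.update({c: True for c in SCRIPTING_COMMANDS})
        elif low in ("nocommands", "-@all", "-@scripting"):
            allowed.update({c: False for c in SCRIPTING_COMMANDS})
        elif low and low[0] in "+-" and "@" not in low and "|" not in low:
            # single-command rule such as -eval or +script (subcommand rules skipped)
            cmd = low[1:].upper()
            if cmd in allowed:
                allowed[cmd] = low[0] == "+"
    return allowed


def audit_redis_conf(conf_text):
    """Return which scripting commands are disabled, and which stay exposed."""
    renamed_away = set()
    # Redis's built-in default user may run every command unless rules say otherwise
    acl_default = {c: True for c in SCRIPTING_COMMANDS}
    for tokens in _parse_lines(conf_text):
        directive = tokens[0].lower()
        if directive == "rename-command" and len(tokens) == 3:
            if tokens[1].upper() in SCRIPTING_COMMANDS and tokens[2] == "":
                renamed_away.add(tokens[1].upper())
        elif directive == "user" and len(tokens) >= 2 and tokens[1] == "default":
            _apply_acl_rules(tokens[2:], acl_default)
    acl_denied = {c for c, ok in acl_default.items() if not ok}
    exposed = [c for c in SCRIPTING_COMMANDS
               if c not in renamed_away and c not in acl_denied]
    return {
        "renamed_away": sorted(renamed_away),
        "acl_denied": sorted(acl_denied),
        "exposed": exposed,
        "scripting_disabled": not exposed,
    }


# Constructed sample configurations (not taken from any real deployment)
WEAK_CONF = """\
# stock redis.conf: scripting reachable by anyone who can connect
bind 0.0.0.0
port 6379
# rename-command EVAL ""    <- commented out, so it changes nothing
"""

RENAME_CONF = """\
# scripting disabled by renaming each command away
port 6379
rename-command EVAL ""
rename-command EVALSHA ""
rename-command EVAL_RO ""
rename-command EVALSHA_RO ""
rename-command SCRIPT ""
"""

ACL_CONF = """\
# scripting denied to the default user via ACL
port 6379
user default on nopass ~* &* +@all -@scripting
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("rename", RENAME_CONF), ("acl", ACL_CONF)):
        print(name, audit_redis_conf(conf))
```

Run it against the redis.conf files collected from each patched Application Server, VisuHub and workstation; any host whose report lists commands under `exposed` has not received the hardened template, and a commented-out `rename-command` line is deliberately treated as absent because Redis ignores it too.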

Evidence notes

Evidence is drawn from the CISA CSAF advisory record ICSA-26-083-03 and its referenced Schneider Electric SEVD-2026-013-01 notice. The source corpus explicitly lists the affected product family as Schneider Electric ProLeiT Plant iT/Brewmaxx and names Patch ProLeiT-2025-001 as the remediation. The remediation text specifically calls out disabling Redis eval commands on multiple components, forcing secure Redis configuration templates, and restarting patched systems. The advisory metadata also provides the CVSS vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H and critical severity.

Official resources

CISA first published the advisory on 2026-01-13 and later republished it on 2026-03-24 to reflect the Schneider Electric CPCERT SEVD-2026-013-01 advisory. The CVE record also points readers to the official CVE.org entry for additional information.