PatchSiren cyber security CVE debrief
CVE-2025-9317 Schneider Electric CVE debrief
CVE-2025-9317 affects Schneider Electric software tied to AVEVA components, including EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio. The disclosed issue centers on passwords being stored as MD5 hashes, which could let an attacker with read access to Edge Project files or Edge Offline Cache files recover app-native or Active Directory passwords through computational brute-force attacks against weak hashes. The advisory was published on 2025-11-11 and is rated High severity with a CVSS v3.1 score of 8.4.
- Vendor: Schneider Electric
- Product: Pro-face
- CVSS: HIGH 8.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-11-13
- Original CVE updated: 2025-11-13
- Advisory published: 2025-11-13
- Advisory updated: 2025-11-13
Who should care
Organizations using EcoStruxure Machine SCADA Expert or Pro-face BLUE Open Studio, especially teams that store, distribute, back up, or exchange project files and offline cache files. Security, engineering, and operations teams responsible for access control, file handling, and password management should treat this as a priority.
Technical summary
The vulnerability is a password-hash weakness: credentials associated with project data are stored as MD5 hashes, and MD5 is a fast, general-purpose digest that is unsuitable for protecting passwords. According to the advisory, an attacker with read access to Edge Project files or Edge Offline Cache files could run offline brute-force computation against the weak hashes to recover user passwords. The supplied CVSS vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N) indicates local access, low attack complexity, low privileges, no user interaction, and a changed scope (S:C): high confidentiality and integrity impact that can extend beyond the vulnerable component, consistent with recovered app-native or Active Directory credentials being usable elsewhere.
Defensive priority
High. The issue is easy to exploit once an attacker has read access to the affected files, and the potential outcome is credential recovery. Apply vendor fixes promptly and tighten project-file handling until remediation is complete.
Recommended defensive actions
- Install Version 2023.1 Patch 1 of EcoStruxure Machine SCADA Expert.
- Install Version 2023.1 Patch 1 of Pro-face BLUE Open Studio.
- Apply ACLs to all folders where users save or load project files.
- Maintain a trusted chain of custody for project files during creation, modification, distribution, backups, and use.
- Enable project-level data protection with a strong master password.
- Remove passwords used as function parameters inside project documents and use project tags instead, where applicable.
Evidence notes
All claims above are supported by the supplied CISA CSAF advisory for ICSA-25-322-01 and the embedded Schneider Electric/AVEVA advisory references. The corpus explicitly states the MD5-hash weakness, the affected products, the file types involved, the mitigation steps, the vendor fix versions, and the CVSS v3.1 vector and score. Timing context uses the supplied CVE published/modified date of 2025-11-11; no separate generation or review date is treated as the disclosure date.
Official resources
- CVE-2025-9317 CVE record (CVE.org)
- CVE-2025-9317 NVD detail (NVD)
- Source item URL (cisa_csaf)
Disclosed by AVEVA Group Limited in a component that impacts Schneider Electric software; CISA published the corresponding advisory on 2025-11-11.