PatchSiren cyber security CVE debrief
CVE-2023-4041 Silicon Labs CVE debrief
CVE-2023-4041 is a critical issue in the Silicon Labs Gecko Bootloader that Schneider Electric and CISA advisories dated 2025-05-13 map to PrismaSeT Active - Wireless Panel Server. The source advisory states the product is at end of life and that the risk can be reduced only through mitigations. The underlying weakness is a buffer overflow/out-of-bounds write in the firmware update file parser combined with a missing integrity check on downloaded code, with potential for code injection and authentication bypass. Because the advisory says all versions are affected and the product is no longer supported, defenders should treat this as an urgent risk-reduction item rather than a patch-and-restart event.
- Vendor: Silicon Labs (Gecko Bootloader component; the affected product is from Schneider Electric)
- Product: PrismaSeT Active - Wireless Panel Server
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-05-13
- Original CVE updated: 2025-05-13
- Advisory published: 2025-05-13
- Advisory updated: 2025-05-13
Who should care
OT/ICS defenders, site reliability and facilities teams using PrismaSeT Active - Wireless Panel Server, identity/access administrators managing Bluetooth-enabled field devices, and incident responders responsible for industrial control environments.
Technical summary
The CSAF advisory maps CVE-2023-4041 to Schneider Electric PrismaSeT Active - Wireless Panel Server (all versions). The CVE description attributes the flaw to the Silicon Labs Gecko Bootloader on ARM (firmware update file parser modules) and identifies three related weakness classes: classic buffer overflow, out-of-bounds write, and download of code without integrity check. The advisory says this can enable code injection and authentication bypass. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability. Schneider Electric also states the product has reached end of life and is no longer supported.
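As an added illustration of the weakness classes named above, and not code from Gecko Bootloader, Schneider Electric, or the Wireless Panel Server's real update format (which the advisory does not describe): a constructed C record parser in the unchecked shape of a classic buffer overflow / out-of-bounds write with no integrity check, beside a hardened parser that authenticates the image before parsing it and bounds-checks every length field against both the remaining input and the staging buffer. The record layout, the SipHash-2-4 tag (standing in for the public-key signature a real bootloader verifies), the demo key and the sample records are all assumptions made for this example.

```c
/* Constructed illustration, not Gecko Bootloader or Wireless Panel Server code: a toy
 * firmware-update record parser, unchecked form beside a bounds-checked, authenticated form. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define STAGE_CAP 64  /* capacity of the staging buffer the parser fills */
#define TAG_LEN   8   /* trailing authentication tag over the record body */
static uint64_t le64(const uint8_t *p) { uint64_t v = 0; for (int i = 7; i >= 0; i--) v = (v << 8) | p[i]; return v; }
static void st64(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i)); }
#define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)
/* SipHash-2-4 keyed MAC, a stand-in that keeps the demo self-contained; a real bootloader
 * verifies a public-key signature, so the key stored on the device cannot forge images. */
static uint64_t siphash24(const uint8_t *in, size_t len, const uint8_t key[16]) {
    uint64_t k0 = le64(key), k1 = le64(key + 8);
    uint64_t v0 = 0x736f6d6570736575ULL ^ k0, v1 = 0x646f72616e646f6dULL ^ k1;
    uint64_t v2 = 0x6c7967656e657261ULL ^ k0, v3 = 0x7465646279746573ULL ^ k1;
    uint64_t b = (uint64_t)len << 56; size_t i = 0;
    for (; i + 8 <= len; i += 8) { uint64_t m = le64(in + i); v3 ^= m; SIPROUND; SIPROUND; v0 ^= m; }
    for (size_t j = i; j < len; j++) b |= (uint64_t)in[j] << (8 * (j - i));
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}
/* Record layout (constructed): [type:1][len:2 little-endian][payload:len], repeated. */
/* Unchecked form: trusts len, compares it with nothing, verifies nothing. Returns bytes written. */
static size_t stage_unchecked(const uint8_t *in, size_t in_len, uint8_t *out) {
    size_t ip = 0, op = 0;
    while (ip + 3 <= in_len) {
        uint16_t len = (uint16_t)(in[ip + 1] | (in[ip + 2] << 8)); ip += 3;
        memcpy(out + op, in + ip, len);  /* out-of-bounds write whenever op + len > capacity */
        op += len; ip += len;
    }
    return op;
}
typedef enum { FW_OK = 0, FW_BAD_TAG = 1, FW_TRUNCATED = 2, FW_TOO_BIG = 3 } fw_status;
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {  /* constant-time compare */
    uint8_t d = 0; for (size_t i = 0; i < n; i++) d |= (uint8_t)(a[i] ^ b[i]); return d == 0;
}
/* Hardened form: authenticate the whole image before parsing any of it, then check every
 * length against both the remaining input and the remaining staging capacity. */
static fw_status stage_checked(const uint8_t *in, size_t in_len, const uint8_t key[16],
                               uint8_t *out, size_t out_cap, size_t *staged) {
    *staged = 0;
    if (in_len < TAG_LEN) return FW_TRUNCATED;
    size_t body = in_len - TAG_LEN, ip = 0, op = 0;
    uint8_t want[TAG_LEN];
    st64(want, siphash24(in, body, key));
    if (!ct_equal(want, in + body, TAG_LEN)) return FW_BAD_TAG;  /* rejected before parsing */
    while (ip < body) {
        if (body - ip < 3) return FW_TRUNCATED;
        uint16_t len = (uint16_t)(in[ip + 1] | (in[ip + 2] << 8)); ip += 3;
        if (len > body - ip) return FW_TRUNCATED;   /* would read past the input */
        if (len > out_cap - op) return FW_TOO_BIG;  /* would write past the staging buffer */
        memcpy(out + op, in + ip, len);
        op += len; ip += len;
    }
    *staged = op;
    return FW_OK;
}
/* Signing side: copies the body and appends its tag. Returns the image length. */
static size_t make_image(const uint8_t *body, size_t n, const uint8_t key[16], uint8_t *img) {
    memcpy(img, body, n);
    st64(img + n, siphash24(body, n, key));
    return n + TAG_LEN;
}
static const uint8_t DEMO_KEY[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};  /* constructed */
static const uint8_t BENIGN[] = {1,4,0,'b','o','o','t', 2,3,0,'a','p','p'};  /* two records */
/* Valid image: returns bytes staged (4 + 3 = 7), or -1 if the parser rejected it. */
int demo_benign(void) {
    uint8_t img[sizeof BENIGN + TAG_LEN], out[STAGE_CAP]; size_t staged, n = make_image(BENIGN, sizeof BENIGN, DEMO_KEY, img);
    return stage_checked(img, n, DEMO_KEY, out, STAGE_CAP, &staged) == FW_OK ? (int)staged : -1;
}
/* Same image with one payload byte flipped after tagging: rejected with FW_BAD_TAG. */
int demo_tampered(void) {
    uint8_t img[sizeof BENIGN + TAG_LEN], out[STAGE_CAP]; size_t staged, n = make_image(BENIGN, sizeof BENIGN, DEMO_KEY, img);
    img[3] ^= 0x01;
    return stage_checked(img, n, DEMO_KEY, out, STAGE_CAP, &staged);
}
/* One record claiming 200 bytes against the 64-byte staging buffer: the unchecked parser
 * copies all 200 (an out-of-bounds write on a real device; `out` is oversized here so the demo
 * stays memory-safe), the checked parser refuses with FW_TOO_BIG even though the tag is valid. */
static void big_body(uint8_t body[203]) { body[0] = 1; body[1] = 200; body[2] = 0; memset(body + 3, 0xA5, 200); }
size_t demo_oversized_unchecked(void) {
    uint8_t body[203], out[512]; big_body(body);
    return stage_unchecked(body, sizeof body, out);
}
int demo_oversized_checked(void) {
    uint8_t body[203], img[203 + TAG_LEN], out[STAGE_CAP]; size_t staged; big_body(body);
    size_t n = make_image(body, sizeof body, DEMO_KEY, img);
    return stage_checked(img, n, DEMO_KEY, out, STAGE_CAP, &staged);
}
int main(void) {
    printf("benign=%d tampered=%d oversized_unchecked=%zu oversized_checked=%d\n",
           demo_benign(), demo_tampered(), demo_oversized_unchecked(), demo_oversized_checked());
    return 0;
}
```

Two design points carry over to any real update parser. First, the order: the hardened form verifies the tag over the whole body before it interprets a single length field, so a forged or corrupted image never reaches the parser at all. Second, the oversized case shows that authentication and bounds checking are separate controls: a correctly tagged image from a compromised signing environment still cannot write past the staging buffer. A symmetric MAC is used here only to keep the block self-contained; a bootloader should verify a public-key signature, because a key extractable from the device firmware would otherwise let an attacker forge images.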
Defensive priority
Immediate. This is a critical, remotely reachable issue on an end-of-life product, and the source provides mitigation-only guidance rather than a supported fix. Note that the CVSS vector scores the attack vector as Network while every listed mitigation targets Bluetooth Low Energy access and mobile-app trust, so when ranking affected units, weigh who can reach each device over BLE and which phones are permitted to pair with it.
Recommended defensive actions
- Disable Bluetooth Low Energy (BLE) communication on the Wireless Panel Server when it is not in use.
- Review audit logs and EcoStruxure Facility Expert App security notifications regularly for unexpected behavior.
- Verify physical security around the Wireless Panel Server to reduce unauthorized Bluetooth pairing risk.
- Use only official Schneider Electric EcoStruxure Power Commission and EcoStruxure Facility Expert apps from Google Play or the Apple App Store.
- Do not use those apps on rooted or jail-broken mobile devices.
- Follow Schneider Electric's PrismaSeT Active - Wireless Panel Server cybersecurity recommendations linked in the advisory.
- Treat affected devices as end-of-life assets and plan operational replacement or compensating controls because no supported remediation is indicated in the source advisory.
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-25-140-06 and Schneider Electric Security and Safety Notice SEVD-2025-133-04, both dated 2025-05-13. The CSAF lists Schneider Electric as vendor, PrismaSeT Active - Wireless Panel Server as the product, and all versions as affected. It also includes the vulnerability description, CVSS vector, and mitigation steps. The CVE record and NVD entry are included as official references; the debrief does not rely on any unsupported exploit or patch claims.
Official resources
- CVE-2023-4041 CVE record (CVE.org)
- CVE-2023-4041 NVD detail (NVD)
- Source item: cisa_csaf (the CISA CSAF advisory cited in the evidence notes)
Publicly disclosed by Schneider Electric and CISA on 2025-05-13.