These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-6866 is a CWE-1188 Initialization of a Resource with an Insecure Default vulnerability in Schneider Electric's EcoStruxure Panel Server. The vulnerability has a CVSS v4.0 Base Score of 7.5 and could cause unauthorized disclosure of sensitive information when credentials revert to initial settings. This vulnerability exists in multiple versions of the EcoStruxure Panel Server, including PAS800, PA [truncated]
CVE-2026-2273 is a Schneider Electric EcoStruxure Automation Expert code-injection issue that can run untrusted commands on an engineering workstation when an authenticated user opens a malicious project file. The vendor says this can cause a limited compromise of the workstation and downstream confidentiality, integrity, and availability impact on connected systems. Schneider Electric states that version [truncated]
CVE-2026-1286 is a deserialization of untrusted data issue in Schneider Electric EcoStruxure Foxboro DCS. According to the advisory, a malicious project file can trigger the flaw when an authenticated admin user opens it, creating risk to confidentiality, integrity, and potentially remote code execution on the workstation.
CVE-2025-13902 is a cross-site scripting issue in Schneider Electric Modicon controller web interfaces. According to the advisory, an authenticated attacker can plant a malicious element so that a victim’s browser runs arbitrary JavaScript when hovering over it. Schneider Electric states that firmware 5.4.13.12, delivered with EcoStruxure Machine Expert v2.5.0.1, includes the fix for M241 and M251; the ad [truncated]
CVE-2025-13901 is an unauthenticated, network-reachable denial-of-service issue in Schneider Electric Modicon M241, M251, and M262 systems. According to the advisory, a malicious payload can occupy active communication channels in the Machine Expert protocol, leading to partial loss of availability. Schneider Electric and CISA list fixed firmware builds and recommend both software updates and network hard [truncated]
CVE-2025-11739 is a high-severity unsafe deserialization issue in Schneider Electric EcoStruxure Power Monitoring Expert (PME) and related EcoStruxure Power Operation (EPO) reporting/dashboard components. A locally authenticated attacker who can send a crafted data stream may trigger arbitrary code execution with administrative privileges. The advisory was published on 2026-03-10 and republished by CISA o [truncated]
Schneider Electric disclosed CVE-2025-13957 on 2026-03-10, with a CISA republication update on 2026-03-17. The issue affects EcoStruxure IT Data Center Expert versions through 9.0, while v9.1 includes the fix. According to the advisory, the risk is tied to hard-coded credentials and becomes more serious when SOCKS Proxy is enabled and an attacker also knows administrator and PostgreSQL database credential [truncated]
CVE-2026-1227 is a high-severity XML external entity (XXE) issue in Schneider Electric EcoStruxure Building Operation (EBO) Workstation and WebStation. According to the advisory, a local user who uploads a maliciously crafted TGML graphics file to the EBO server from Workstation could trigger unauthorized disclosure of local files, unauthorized interaction with the EBO system, or denial-of-service conditi [truncated]
CVE-2026-1226 is a high-severity Schneider Electric EcoStruxure Building Operation issue where maliciously crafted TGML graphics content can cause the application to execute untrusted or unintended code. The advisory identifies vendor fixes for specific Workstation and WebStation releases and recommends access controls, MFA for EBO 7.0 or later, network segmentation, and monitoring if patching is delayed.
Schneider Electric and CISA describe CVE-2026-0667 as a critical CWE-754 improper-check flaw affecting SCADAPack 47x/47xi and RemoteConnect when communicating over Modbus TCP. The vendor says the issue could lead to arbitrary code execution, denial of service, and loss of confidentiality and integrity, and recommends upgrading to the fixed releases or applying OT segmentation, RTU firewall restrictions, a [truncated]
CVE-2025-49844 is a critical advisory for Schneider Electric ProLeiT Plant iT/Brewmaxx. The source material ties the issue to a patch that disables Redis eval commands across several ProLeiT components, indicating a high-impact flaw that can be addressed through vendor-provided remediation. The published CVSS vector is 10.0/CRITICAL, reflecting network attackability, no privileges required, no user intera [truncated]
CVE-2025-46819 is a Schneider Electric ProLeiT Plant iT/Brewmaxx issue scored CVSS 3.1 6.3 (Medium). CISA and Schneider Electric say Patch ProLeiT-2025-001 reduces risk by disabling Redis eval commands in key components and by enforcing secure Redis configuration templates. Because the weakness is locally accessible and can affect confidentiality and availability, affected OT deployments should patch promptly.
CVE-2025-46818 is a medium-severity issue affecting Schneider Electric ProLeiT Plant iT/Brewmaxx in the advisory published by CISA on 2026-01-13. Schneider Electric’s fix, ProLeiT-2025-001, is intended to reduce risk by disabling Redis eval commands on affected components and enforcing secure Redis configuration templates. The advisory applies to Application Server, VisuHub, Engineering Workstations, and [truncated]
CVE-2025-46817 is a high-severity Schneider Electric issue affecting ProLeiT Plant iT/Brewmaxx. The supplied CVSS vector (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates a local attack path with low privileges and no user interaction, but with high impact if exploited. Schneider Electric's Patch ProLeiT-2025-001 reduces risk by disabling Redis eval commands on affected components, enforcing secure Redis te [truncated]
CVE-2025-13905 is a high-severity incorrect default permissions issue in Schneider Electric EcoStruxure™ Process Expert. According to the advisory, a local user with normal privileges may modify one or more executable service binaries in the installation folder, and upon service restart this can lead to privilege escalation through the reverse shell.
CVE-2025-13845 is a use-after-free vulnerability in Schneider Electric EcoStruxure Power Build Rapsody software. The advisory says a malicious SSD project file can trigger remote code execution when an end user imports it into Rapsody. The original advisory was published on 2026-01-13 and later updated on 2026-03-17, with vendor fixes available for multiple regional builds.
CVE-2025-13844 is a user-assisted double-free vulnerability in Schneider Electric EcoStruxure Power Build Rapsody that may lead to heap memory corruption when an end user imports a malicious SSD project file shared by an attacker. Schneider Electric and CISA rate the issue as Medium, and the advisory provides fixed releases plus temporary handling guidance for environments that cannot patch immediately.
CVE-2024-7322 is a medium-severity availability issue in Schneider Electric’s Wiser Zigbee product line. The CISA CSAF advisory (ICSA-26-027-03) describes a CWE-400 uncontrolled resource consumption condition that could lead to denial of service when a malicious device joins the network. The source item names Wiser iTRV2 and also lists additional Wiser/connected devices in scope. The published CVSS vector [truncated]
CVE-2024-6352 is a Schneider Electric Zigbee product issue that can let a malicious device joining the network trigger a buffer overflow and cause denial of service. The advisory was published on 2026-01-13 and later republished on 2026-01-27, with CISA’s CSAF notice linking the issue to multiple Schneider Electric Zigbee products, including Wiser iTRV2. The reported CVSS v3.1 score is 4.3 (Medium), refle [truncated]
CVE-2024-6351 is a medium-severity Schneider Electric Zigbee advisory issue published by CISA on 2026-01-13. The disclosed weakness is a CWE-120 buffer overflow that can cause a denial of service when a malicious device joins the network. The published CVSS vector (4.3, AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) indicates adjacent-network conditions and availability-only impact.
CVE-2024-6350 is a medium-severity buffer overflow issue in Schneider Electric Zigbee products, including Wiser iTRV2. According to the advisory, a malicious device joining the network could trigger a denial of service. The published mitigations focus on tightening Zigbee pairing and access controls rather than on exploit details.
CVE-2024-10106 is a low-severity availability issue in Schneider Electric Wiser Zigbee products. The advisory says a CWE-120 buffer overflow can cause denial of service if a malicious device joins the network. The published CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) indicates network reachability, no privileges, and limited availability impact, with no confidentiality or integrity impact identified [truncated]
CVE-2025-9317 affects Schneider Electric software tied to AVEVA components, including EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio. The disclosed issue centers on passwords being stored as MD5 hashes, which could let an attacker with read access to Edge Project files or Edge Offline Cache files recover app-native or Active Directory passwords through computational brute-force attacks aga [truncated]
CVE-2025-11567 is a high-severity local privilege-risk issue in Schneider Electric PowerChute Serial Shutdown. According to the CISA CSAF advisory, the flaw is a CWE-276 incorrect default permissions problem that could allow elevated system access when the target installation folder is not properly secured. Schneider Electric states that version v1.4 includes a fix, and recommends applying the update and [truncated]
CVE-2025-11566 is a HIGH-severity authentication weakness in Schneider Electric PowerChute Serial Shutdown. CISA’s advisory says a local-network attacker could make an arbitrary number of authentication attempts with different credentials against the /REST/shutdownnow endpoint and potentially gain access to the user account. Schneider Electric lists version v1.4 as the fixed release.
CVE-2025-11565 is a high-severity path traversal vulnerability in Schneider Electric PowerChute™ Serial Shutdown. According to the advisory, a Web Admin user on the local network can tamper with the POST /REST/UpdateJRE request payload and trigger elevated system access. Schneider Electric says version v1.4 includes a fix.
Schneider Electric has disclosed a command injection vulnerability affecting Saitel DR and Saitel DP remote terminal units. According to the advisory, the issue can let a user inject OS commands in BLMon when operating in an SSH session. The vendor provides fixed firmware and recommends restricting access, enforcing least privilege, and limiting SSH exposure while upgrades are planned.
CVE-2025-8449 is a Schneider Electric EcoStruxure Building Operation vulnerability that can let an authenticated user trigger denial of service by sending a specially crafted request to a specific endpoint inside the BMS network. CISA classifies the issue as CWE-400 (Uncontrolled Resource Consumption) and assigned CVSS 4.5 (medium). Schneider Electric and CISA published the advisory on 2025-08-12, with af [truncated]
Schneider Electric disclosed a high-severity SESU vulnerability, CVE-2025-5296, where improper link resolution before file access can let a low-privileged attacker tamper with the installation folder and write arbitrary data to protected locations. The vendor states this can lead to privilege escalation, arbitrary file corruption, exposure of application and system information, or persistent denial of ser [truncated]
CVE-2024-28219 is represented in the supplied CSAF source as an Industrial Control Systems advisory for Schneider Electric EcoStruxure Power Operation (EPO) 2022 and 2024, with a CVSS 3.1 score of 6.7 (MEDIUM). The advisory context indicates affected deployments should move to the vendor-provided remediation path and review PostgreSQL-related mitigation steps if full patching is not immediately possible. [truncated]
CVE-2023-50447 is a high-severity advisory published by CISA on 2025-07-22 and updated on 2026-02-25. The supplied source ties it to Schneider Electric EcoStruxure Power Operation (EPO) 2022 through CU6 and EPO 2024 through CU1, while the CVE description says Pillow 10.1.0’s PIL.ImageMath.eval can allow arbitrary code execution via the environment parameter, distinct from CVE-2022-22817.
The supplied CISA CSAF advisory maps CVE-2022-45198 to Schneider Electric EcoStruxure Power Operation (EPO) 2022 and 2024, with affected versions listed as EPO 2022 <=CU6 and EPO 2024 <=CU1. The record rates the issue 7.5 (High) with network access, no privileges, no user interaction, and availability impact only. The source corpus also says, "Versions of Pillow before 9.2.0 improperly handle highly compr [truncated]
CVE-2025-6788 is a medium-severity access control issue in Schneider Electric EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) Advanced Reporting and Dashboards Module. According to CISA’s CSAF advisory, TGML diagram resources can be exposed to the wrong control sphere, which may allow other authenticated users to access diagrams they should not see. Schneider Electric provi [truncated]
CVE-2025-6438 is a CWE-611 XML External Entity (XXE) issue in Schneider Electric EcoStruxure™ IT Data Center Expert. According to the CISA advisory and Schneider Electric notice, the flaw can affect SOAP API handling and may lead to unauthorized file access when the server is accessed over the network using an application account. Schneider Electric states that version 9.0 includes the fix, and CISA publi [truncated]
CVE-2025-50125 is a CWE-918 server-side request forgery issue in Schneider Electric EcoStruxure™ IT Data Center Expert. CISA and Schneider Electric describe it as network-accessible and unauthenticated, with the potential to reach remote code execution when an attacker knows hidden URLs and can manipulate the Host request header. The advisory published on 2025-07-08 rates the issue HIGH with CVSS 7.2.
CVE-2025-50124 is a Schneider Electric EcoStruxure IT Data Center Expert issue described as CWE-269 improper privilege management. According to the CISA CSAF advisory and the vendor notice, it could lead to privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup script. Schneider Electric lists version 9.0 as the fixed release for EcoStrux [truncated]
CVE-2025-50123 is a CWE-94 code injection issue in Schneider Electric EcoStruxure™ IT Data Center Expert. According to the vendor and CISA advisory, affected versions are 8.3 and earlier, and exploitation could cause remote command execution by a privileged account when the server is accessed via a console and the hostname input is abused. Schneider Electric states that version 9.0 includes fixes.
CVE-2025-50122 is a high-severity issue in Schneider Electric EcoStruxure IT Data Center Expert version 8.3 and earlier. According to the advisory, access to installation or upgrade artifacts could enable reverse engineering of the password generation algorithm and lead to root password discovery.
CVE-2025-50121 is a critical OS command injection vulnerability in Schneider Electric EcoStruxure™ IT Data Center Expert. According to the CISA CSAF advisory published on 2025-07-08, the issue could allow unauthenticated remote code execution when a malicious folder is created through the web interface over HTTP, if HTTP is enabled. Schneider Electric states that HTTP is disabled by default, which reduces [truncated]
CVE-2025-5743 is a medium-severity OS command injection issue in Schneider Electric EVLink WallBox. According to the vendor and CISA advisory, an authenticated user who changes web-server configuration parameters may gain remote control of the charging station. The product is end-of-life, so Schneider Electric does not list a traditional fix for the affected line and instead recommends mitigation plus mig [truncated]
CVE-2025-5742 is a medium-severity cross-site scripting issue in Schneider Electric EVLink WallBox. According to the advisory, an authenticated user can modify configuration parameters on the web server in a way that allows improper input handling during page generation. The affected product is listed as EVLink WallBox all versions, and Schneider Electric notes the product has reached end of life with no [truncated]
CVE-2025-5741 affects Schneider Electric EVLink WallBox all versions. It is a CWE-22 path traversal issue that could allow arbitrary file reads from the charging station, but exploitation requires an authenticated web server session. Because the product is end of life, Schneider Electric states that no fix is planned; the recommended response is to restrict access, segment the network, review logs, and mi [truncated]
CVE-2025-5740 is a high-severity CWE-22 path traversal issue in Schneider Electric EVLink WallBox. The advisory states that an authenticated user on the web server can manipulate a file path and cause arbitrary file writes. CISA updated the advisory on 2025-07-08 to clarify that authentication is required. Schneider Electric lists EVLink WallBox as end of life and says no fix is planned, so owners should [truncated]
CVE-2025-3905 is a cross-site scripting vulnerability in Schneider Electric Modicon controller web interfaces that can let an authenticated malicious user inject unvalidated data into PLC system variables and influence what a victim’s browser reads or modifies. CISA published the advisory on 2025-06-10 and updated it on 2025-07-08 when remediation became available for the M241/M251 path. The advisory rema [truncated]
CVE-2025-3899 is a medium-severity cross-site scripting issue in the webserver Certificates page used by Schneider Electric Modicon Modicon Controllers M241 and M251. According to the advisory, an authenticated malicious user could inject unvalidated data and cause a victim’s browser to read or modify data. Schneider Electric and CISA list a fixed release and mitigations, and the advisory was updated on 2 [truncated]
CVE-2025-3898 is a medium-severity denial-of-service vulnerability in Schneider Electric Modicon Controllers. According to the CISA CSAF advisory, an authenticated malicious user can send an HTTPS request containing an invalid data type to the webserver and cause the service to fail. The advisory was originally published on 2025-06-10 and revised on 2025-07-08 to note that remediation was available for up [truncated]
CVE-2025-3117 is a CWE-79 cross-site scripting vulnerability in Schneider Electric Modicon controller web configuration paths. According to the CISA CSAF advisory and Schneider Electric notice, an authenticated malicious user could inject unvalidated data that may let them modify or read data in a victim’s browser. The issue affects Modicon M241, M251, M262, M258, and LMC058. Vendor fixes are available fo [truncated]
CVE-2025-3116 is a medium-severity denial-of-service issue in Schneider Electric Modicon controllers. According to the advisory, an authenticated malicious user can send a specially malformed HTTPS request with improperly formatted body data to the controller and trigger a service disruption. Schneider Electric later updated the notice to say a remediation is available for M241 and M251, while M258 and LM [truncated]
CVE-2025-3112 is a CWE-400 uncontrolled resource consumption issue in Schneider Electric Modicon Controllers M241 and M251. According to the CISA CSAF advisory, an authenticated malicious user can send a manipulated HTTPS Content-Length header to the webserver and cause denial of service. The advisory lists affected versions prior to 5.3.12.51 and notes that remediation is available.
CVE-2025-3916 affects Schneider Electric EcoStruxure Power Build Rapsody and is described as a CWE-121 stack-based buffer overflow. According to the CISA CSAF advisory, an attacker can potentially trigger the issue by providing a malicious SSD project file that the end user opens. Schneider Electric states that version v2.8.2 FR contains a fix, and the advisory also recommends several file-handling and wo [truncated]
