Improper Privilege Management Vulnerability in Schneider Electric Services
CVE-2025-0327
8.5 HIGH
Key Information:
- Vendor: Schneider Electric
- CVE Published: 13 February 2025
What is CVE-2025-0327?
An improper privilege management vulnerability has been identified in Schneider Electric services, specifically in the Windows services that manage audit trail data and client requests. The flaw allows an attacker with standard user privileges to modify the executable path of these services. The modified path takes effect only when the service is restarted, so exploitation requires a service restart. Successful exploitation puts the confidentiality, integrity, and availability of the affected engineering workstation at risk.
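A defender can check an engineering workstation for this class of exposure by reviewing service security descriptors. The following is an added example, not code from Schneider Electric or from this advisory: it parses the SDDL printed by `sc.exe sdshow <service>` and flags allow-ACEs that give broad, non-administrative groups the right to reconfigure a service. It assumes the exposure is visible in the service DACL, which the advisory does not state; the service names and SDDL strings are constructed placeholders.

```python
import re

# Rights that let a principal repoint a service binary, directly or by first
# rewriting the DACL or taking ownership: SDDL code -> (access-mask bit, name).
RISKY = {"DC": (0x0002, "SERVICE_CHANGE_CONFIG"), "WD": (0x40000, "WRITE_DAC"),
         "WO": (0x80000, "WRITE_OWNER"), "GA": (0x10000000, "GENERIC_ALL"),
         "GW": (0x40000000, "GENERIC_WRITE")}
# SDDL aliases for broad, non-administrative groups.
LOW_PRIV = {"AU": "Authenticated Users", "BU": "Builtin Users", "WD": "Everyone",
            "IU": "Interactive", "AN": "Anonymous", "BG": "Builtin Guests"}

def risky_aces(sddl):
    """Return [(group, [right names])] for allow-ACEs in the DACL that give a
    low-privileged group a right in RISKY. Audit ACEs in the SACL are ignored."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A" or fields[5] not in LOW_PRIV:
            continue
        rights = fields[2]
        if rights.lower().startswith("0x"):      # rights given as a hex mask
            mask = int(rights, 16)
            hits = [name for bit, name in RISKY.values() if mask & bit]
        else:                                    # rights given as 2-letter codes
            codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
            hits = [name for code, (_, name) in RISKY.items() if code in codes]
        if hits:
            findings.append((LOW_PRIV[fields[5]], sorted(hits)))
    return findings

def audit(sddl_by_service):
    """Map service name -> findings, keeping only services with findings."""
    report = {name: risky_aces(sddl) for name, sddl in sddl_by_service.items()}
    return {name: found for name, found in report.items() if found}

# Constructed sample data: placeholder service names, SDDL in the format
# printed by `sc.exe sdshow <service>`.
SAMPLE = {
    "ExampleWeakSvc": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
    "ExampleHardenedSvc": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
}

if __name__ == "__main__":
    for service, found in audit(SAMPLE).items():
        print(service, found)
```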
Affected Version(s)
EcoStruxure Process Expert Versions 2020R2
EcoStruxure Process Expert Versions 2021 & 2023 (prior to v4.8.0.5715)
EcoStruxure Process Expert for AVEVA System Platform Versions 2020R2