Improper Authentication in Schneider Electric's EPAS-UI Workstation
CVE-2025-0813

7 HIGH

Summary

An improper authentication vulnerability has been identified in Schneider Electric's EPAS-UI product. This vulnerability can be exploited when an unauthorized user obtains physical access to the EPAS-UI workstation. By rebooting the workstation and interrupting the normal boot process, the malicious actor may bypass authentication mechanisms, potentially allowing them unauthorized access to sensitive information and operational controls. Organizations utilizing the EPAS-UI should implement strict physical security measures to safeguard against unauthorized access.

Affected Version(s)

EcoStruxure Power Automation System User Interface (EPAS-UI) - Secured v2.1 up to and including v2.9

CVSS V4

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
