Improper Authentication in Schneider Electric's EPAS-UI Workstation
CVE-2025-0813

7HIGH

Key Information:

Vendor

Schneider Electric
Status
Ecostruxure Power Automation System User Interface (epas-ui) - Secured Versions
Vendor
CVE Published:
12 March 2025

What is CVE-2025-0813?

An improper authentication vulnerability has been identified in Schneider Electric's EPAS-UI product. This vulnerability can be exploited when an unauthorized user obtains physical access to the EPAS-UI workstation. By rebooting the workstation and interrupting the normal boot process, the malicious actor may bypass authentication mechanisms, potentially allowing them unauthorized access to sensitive information and operational controls. Organizations utilizing the EPAS-UI should implement strict physical security measures to safeguard against unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EcoStruxure Power Automation System User Interface (EPAS-UI) - Secured v2.1 up to and including v2.9

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.