Improper Input Validation Vulnerability in Schneider Electric Engineering Workstation
CVE-2025-2223

8.4HIGH

Key Information:

Vendor: Schneider Electric
Status: Connexium Network Manager
Vendor: CVE Published:; 9 April 2025

Summary

A vulnerability exists within Schneider Electric's Engineering Workstation that allows for improper input validation. When a user loads a malicious project file from the local system, it can lead to potential impacts on confidentiality, integrity, and availability of the workstation. Organizations using this product should ensure they are applying security patches and following best practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

ConneXium Network Manager All Versions

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Apr 9, 2025
Vulnerability Reserved
Mar 11, 2025