Insecure Storage of Sensitive Information in Schneider Electric Products
CVE-2025-2440

4.1MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Trio Q Licensed Data Radio
Vendor: CVE Published:; 9 April 2025

Summary

An insecure storage vulnerability allows a malicious user with physical access and advanced knowledge of the file system to exploit the device by resetting it to factory default mode. This action could expose confidential data, leading to unauthorized access and potential data breaches. Organizations using affected Schneider Electric products should take immediate measures to secure sensitive information and prevent exploitation.

Affected Version(s)

Trio Q Licensed Data Radio Versions prior to v2.7.2

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

4.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 9, 2025
Vulnerability Reserved
Mar 17, 2025