Insecure Initialization Vulnerability in Schneider Electric Products
CVE-2025-2441
4.1 MEDIUM
Key Information:
- Vendor: Schneider Electric
- CVE Published: 9 April 2025
Summary
An insecure initialization vulnerability exists in Schneider Electric radio devices, where a malicious user with physical access can exploit the factory default settings. Because the products do not properly initialize all data upon reset, this flaw may lead to inadvertent exposure of sensitive data and a potential loss of confidentiality. Organizations must ensure appropriate security measures are in place to mitigate this risk.
Affected Version(s)
Trio Q Licensed Data Radio Versions prior to v2.7.2
CVSS V4
- Score: 4.1
- Severity: MEDIUM
- Confidentiality: High
- Integrity: None
- Availability: None
- Attack Vector: Physical
- Attack Complexity: Low
- Attack Required: Physical
- Privileges Required: Undefined
- User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved