OS Command Injection Vulnerability in BLMon Console by Schneider Electric
CVE-2025-9996

5.8 MEDIUM

What is CVE-2025-9996?

An OS command injection vulnerability exists in the BLMon Console. It allows an attacker to execute arbitrary shell commands when running a netstat command during an SSH session. The flaw arises from improper neutralization of special elements, and can potentially lead to unauthorized access to or control over the system.

Affected Version(s)

Saitel DP RTU all versions <= 11.06.33

Saitel DR RTU all versions <= 11.06.29

CVSS V4

Score: 5.8
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
