OS Command Injection Vulnerability in Schneider Electric's BLMon
CVE-2025-9997

5.8 MEDIUM

What is CVE-2025-9997?

An OS command injection vulnerability has been identified in Schneider Electric's BLMon product. It can lead to unauthorized command execution in the operating system console during SSH sessions. The issue arises from improper neutralization of special elements used in OS commands, so users should ensure their systems are patched and protected against potential exploitation.

Affected Version(s)

Saitel DP RTU all versions <= 11.06.33

Saitel DR RTU all versions <= 11.06.29

CVSS V4

Score: 5.8
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
