CVE-2025-0327

Published: Feb 13, 2025

Modified: Feb 13, 2025

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when an attacker with standard privilege modifies the executable path of the windows services. To be exploited, services need to be restarted.

Vendor	Product	Versions
Schneider Electric	EcoStruxure Process Expert	affected `Versions 2020R2` affected `Versions 2021 & 2023 (prior to v4.8.0.5715)`
Schneider Electric	EcoStruxure Process Expert for AVEVA System Platform	affected `Versions 2020R2` affected `Versions 2021 & 2023`

Weaknesses (CWE)

CWE-269

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-03.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-0327

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References