CVE-2025-0327: Improper Privilege Management in Electric Ecostruxure Process Expert

Severity: 8.5 HIGH (NVD)
EPSS: 0.1% (top 69.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 13

Description

CWE-269: Improper Privilege Management vulnerability exists for two services (one managing audit trail data and the other acting as a server managing client requests) that could cause a loss of Confidentiality, Integrity and Availability of the engineering workstation when an attacker with standard privilege modifies the executable path of the Windows services. To be exploited, the services need to be restarted.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5 | schneider_electric/ecostruxure_process_expert | Versions 2021 & 2023 (prior to v4.8.0.5715), Versions 2020R2+1
CVEListV5 | schneider_electric/ecostruxure_process_expert_for_aveva_system_platform | Versions 2021 & 2023, Versions 2020R2+1

Vulnerability Details (2)

GHSA | GHSA-4v4v-fcfx-x6mg | 2025-02-13 | CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server ma
CVEList | CVE-2025-0327 | 2025-02-13 | CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server ma
CVE-2025-0327 — Improper Privilege Management | cvebase