CVE-2025-0327 HIGH

CVE-2025-0327

Vendor Schneider Electric
Product EcoStruxure Process Expert
Weakness CWE-269
Published February 13, 2025
Last update February 13, 2025

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when an attacker with standard privilege modifies the executable path of the windows services. To be exploited, services need to be restarted.

Key dates

02Disclosure timeline

February 13, 2025 CVE published
February 13, 2025 Record updated