CVE-2025-2440 MEDIUM

CVE-2025-2440

Vendor Schneider Electric
Product Trio Q Licensed Data Radio
Weakness CWE-922
Published April 9, 2025
Last update April 9, 2025

CVSS base score

4.1/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets the radio in factory default mode.

Key dates

02Disclosure timeline

April 9, 2025 CVE published
April 9, 2025 Record updated