Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI)

Monitor6.8ICS-CERT ICSA-25-077-01Mar 18, 2025

Attack VectorPhysical

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

EcoStruxure Power Automation System User Interface (EPAS-UI) versions 2.1 through 2.9 contain an authentication bypass vulnerability (CWE-287) that could allow an attacker with physical access to the device to bypass authentication, gain access to sensitive information, or execute arbitrary code.

What this means

What could happen

An attacker with physical access to the EPAS-UI workstation could bypass authentication and gain full control of the power automation system, potentially allowing them to alter critical process settings, disconnect power monitoring, or disrupt energy distribution operations.

Who's at risk

Electric utilities and power distribution operators using Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI) on engineering workstations or control room PCs are affected. This impacts organizations relying on EPAS-UI for real-time monitoring and control of power grids, substations, and distribution networks.

How it could be exploited

An attacker with physical access to the EPAS-UI workstation can exploit the authentication bypass vulnerability to access the system without valid credentials. Once authenticated, they could read sensitive configuration data or execute commands to modify power automation parameters or shut down monitoring functions.

Prerequisites

Physical access to the EPAS-UI workstation or the machine running the software
EPAS-UI version 2.1 through 2.9 installed
System must be powered on and accessible

authentication bypass vulnerabilityphysical access required but difficult to control in shared facilitiesaffects critical energy infrastructureno patch available for current versions

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

EcoStruxure Power Automation System User Interface (EPAS-UI): >=v2.1|<=v2.9≥ v2.1|≤ v2.92.10

Remediation & Mitigation

0/5

Do now

0/3

WORKAROUNDAs an immediate workaround, log in with admin privileges, navigate to C:\MCIS\Bin, rename the file 'MCIS.chm' to 'MCIS.old', and restart the machine

HARDENINGRestrict physical access to all EPAS-UI workstations and control room terminals—keep them in locked rooms or cabinets and ensure only authorized operators have access

HARDENINGNever leave EPAS-UI or connected devices in 'Program' mode when unattended

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade to EPAS-UI version 2.10 or later by contacting Schneider Electric Customer Care Center

Long-term hardening

0/1

HARDENINGIsolate the EPAS-UI system and all power automation networks behind firewalls and keep them separate from business networks

CVEs (1)

CVE-2025-0813

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b4be2b4f-248f-43cc-9d49-0876dad21614