Schneider Electric EcoStruxure Power Automation System

Plan Patch | CVSS 9.8 | ICS-CERT ICSA-25-077-03 | Mar 11, 2025
Schneider Electric | Energy | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A vulnerability exists in the WebHMI component of Schneider Electric's EcoStruxure Power Automation System User Interface and EcoStruxure Microgrid Operation Large (EMO-L) solution. The WebHMI is a local SCADA/HMI application based on IEC 61850 that allows operators to supervise, monitor, and control large electrical networks and microgrids with distributed energy resources. An authentication bypass vulnerability (CWE-1188) in the WebHMI allows unauthorized access to the underlying software application. Affected versions are EcoStruxure Microgrid Operation Large (EMO-L) version 4.1.0.0 and earlier, and EPAS User Interface version 4.1.0.0 and earlier.

What this means
What could happen
An attacker with network access to the WebHMI component could bypass authentication and gain unauthorized access to the SCADA/HMI system, potentially allowing them to monitor or manipulate electrical network operations, microgrid controls, and distributed energy resources.
Who's at risk
Power utilities, energy companies, and manufacturing plants using Schneider Electric's EcoStruxure Power Automation System (EPAS) or EcoStruxure Microgrid Operation Large (EMO-L) for electrical network supervision and microgrid management should assess their exposure. This affects operators of SCADA/HMI systems that supervise electrical distribution networks and manage distributed energy resources.
How it could be exploited
An attacker on the network sends a crafted request to the WebHMI component without providing valid credentials. The authentication bypass vulnerability (CWE-1188) allows the attacker to directly access the underlying SCADA/HMI application, bypassing normal access controls. Once in, the attacker can interact with the power management system's monitoring and control functions.
Prerequisites
  • Network access to the WebHMI component
  • No credentials required for exploitation
remotely exploitable, no authentication required, low complexity, affects critical infrastructure control systems
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (3)
3 pending
Product | Affected Versions | Fix Status
EcoStruxure™ Microgrid Operation Large (EMO-L) | ≤ 4.1.0.0 | No fix yet
EPAS User Interface | ≤ 4.1.0.0 | No fix yet
EcoStruxure Microgrid Operation Large (EMO-L) | ≤ 4.1.0.0 | No fix yet
Remediation & Mitigation
Do now
HARDENING: Ensure WebHMI is not exposed to the Internet; restrict access to trusted management networks only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Apply hotfix WebHMI_Fix_users_for_Standard.V1 from Schneider Electric Customer Care Center
WORKAROUND: Test the hotfix in a test or development environment before applying to production systems
Long-term hardening
HARDENING: Place the control system network behind firewalls and isolate it from the business network
HARDENING: Implement all hardening guidelines provided by Schneider Electric with the product

Schneider Electric EcoStruxure Power Automation System | CVSS 9.8 - OTPulse