Schneider Electric EcoStruxure Panel Server
CVSS 6 · ICS-CERT ICSA-25-077-04 · Mar 11, 2025
Vendor: Schneider Electric · Sector: Energy
Attack path
Attack Vector: Local
Privileges Required: High
Attack Complexity: Low
User Interaction: None
Summary
EcoStruxure Panel Server firmware versions 2.0 and earlier, on all models of the product, can expose stored credentials when debug mode is enabled. An attacker who already holds administrative access to the device can read this authentication material and reuse it against the edge control and cloud systems the gateway connects to. Schneider Electric fixed the issue in firmware version 2.1; until a device is updated, disable debug mode as an interim measure.
What this means
What could happen
An attacker with local administrative access to the Panel Server could use debug mode to extract the credentials the gateway stores, and then pivot to the downstream systems and cloud applications those credentials unlock.
Who's at risk
Energy utilities and facilities that use EcoStruxure Panel Server as the gateway between edge control systems and cloud applications should prioritize this. The gateway holds the credentials it uses to reach those systems, so a compromised Panel Server is a pivot point rather than a dead end: connected PLCs, RTUs, SCADA hosts and cloud tenants that trust those credentials are all within reach.
How it could be exploited
An attacker who already has administrative privileges on the Panel Server, through a local session or a previously compromised admin account, can enable debug mode (or use it where it is already on) and read the credentials it exposes unencrypted in memory or logs. There is no remote, unauthenticated path: the attack vector is local and the privilege requirement is high, so the realistic scenario is an insider or an attacker who has already taken the admin account.
Prerequisites
- Local administrative access to the EcoStruxure Panel Server device
- Debug mode enabled or ability to enable it
- Physical access to the device or remote admin session already established
Key points
- Sensitive credential exposure
- Requires high-level privileges to exploit
- No remote exploitation path
- Default or debug-enabled configuration risk
Exploitability
Unlikely to be exploited: EPSS score 0.0%. EPSS estimates the probability of exploitation in the wild over the next 30 days; it does not reduce the impact once the local-admin precondition is met, so the low score argues for scheduling rather than skipping the fix.
Affected products
Product: EcoStruxure Panel Server (all models)
Affected versions: 2.0 and earlier
Fix status: fixed in firmware V2.1 and later
Remediation & Mitigation
Do now
- WORKAROUND: Disable debug mode on every Panel Server that is not yet running firmware V2.1 or later.
Schedule (requires a maintenance window; the firmware update may reboot the device, so plan for process interruption)
- HOTFIX: Update EcoStruxure Power Commission software to version 2.33.0 or later first; this version is required to push the firmware upgrade.
- HOTFIX: Update EcoStruxure Panel Server firmware to version 2.1 or later.
Long-term hardening
- HARDENING: Restrict administrative access to Panel Server devices to authorized personnel only.
- HARDENING: Isolate Panel Server devices and the networks they connect to behind firewalls, segmented from business networks.
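The remediation steps above are a small decision procedure per device: patched or not, debug mode on or off, and whether the managing Power Commission install is new enough to deliver the firmware. The script below applies that procedure to an asset inventory. It is an added example for this page, not code from Schneider Electric or from the advisory; the inventory rows, hostnames and the `PanelServer` record layout are constructed for illustration, and it does not talk to any real device or use any Panel Server API. Only the version thresholds (firmware 2.1, Power Commission 2.33.0) come from the advisory.

```python
"""Triage a constructed Panel Server inventory against ICSA-25-077-04.

Added example, not part of the advisory. Hostnames, version strings and the
record layout below are made up; the thresholds are the advisory's.
"""
from dataclasses import dataclass

FIXED_FIRMWARE = "2.1"          # EcoStruxure Panel Server firmware with the fix
MIN_POWER_COMMISSION = "2.33.0"  # Power Commission release needed to push that firmware


def parse_version(text: str, width: int = 3) -> tuple[int, ...]:
    """Parse 'V2.0', '2.33.0' or '2.1-rc1' into a zero-padded int tuple.

    Comparing int tuples avoids the string-compare trap where '2.10' < '2.9'.
    Trailing non-digits in a component (e.g. '-rc1') are dropped.
    """
    parts: list[int] = []
    for piece in text.strip().lstrip("vV").split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    parts = parts[:width] + [0] * (width - len(parts))
    return tuple(parts)


@dataclass(frozen=True)
class PanelServer:
    name: str               # hypothetical asset name
    firmware: str           # Panel Server firmware version as reported in the inventory
    debug_mode: bool        # whether debug mode is currently enabled on the device
    power_commission: str   # version of the Power Commission install used to manage it


def is_affected(firmware: str) -> bool:
    """Affected per the advisory: anything below firmware 2.1."""
    return parse_version(firmware) < parse_version(FIXED_FIRMWARE)


def triage(dev: PanelServer) -> list[str]:
    """Return the ordered remediation actions for one device.

    Order follows the advisory: interim workaround first, then the Power
    Commission prerequisite, then the firmware update in a maintenance window.
    A device already on 2.1+ needs nothing for this advisory.
    """
    if not is_affected(dev.firmware):
        return []
    actions: list[str] = []
    if dev.debug_mode:
        actions.append("NOW: disable debug mode (interim workaround while unpatched)")
    if parse_version(dev.power_commission) < parse_version(MIN_POWER_COMMISSION):
        actions.append(
            f"SCHEDULE: update EcoStruxure Power Commission to {MIN_POWER_COMMISSION}+ "
            "before the firmware upgrade"
        )
    actions.append(
        f"SCHEDULE: update firmware to V{FIXED_FIRMWARE}+ in a maintenance window (device may reboot)"
    )
    return actions


def triage_inventory(devices: list[PanelServer]) -> dict[str, list[str]]:
    """Map each device name to its action list."""
    return {d.name: triage(d) for d in devices}


# Constructed inventory: names and versions are invented for the example.
INVENTORY = [
    PanelServer("ps-switchgear-01", "V2.0", debug_mode=True, power_commission="2.32.1"),
    PanelServer("ps-switchgear-02", "V1.9.2", debug_mode=False, power_commission="2.33.0"),
    PanelServer("ps-substation-03", "V2.1", debug_mode=True, power_commission="2.33.0"),
]

if __name__ == "__main__":
    for name, actions in triage_inventory(INVENTORY).items():
        print(name)
        for line in actions or ["no action for this advisory: firmware already 2.1 or later"]:
            print("  -", line)
```

The version parser is the part worth keeping: firmware strings from real inventories arrive with `V` prefixes and mixed component counts, and a naive string comparison would misclassify a future `2.10` as older than `2.9`. Feed it your own export in place of `INVENTORY`.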
CVEs (1)