Schneider Electric EcoStruxure Panel Server
Monitor 6 · ICS-CERT ICSA-25-077-04 · Mar 11, 2025
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in EcoStruxure Panel Server versions 2.0 and earlier allows disclosure of sensitive information, including credentials stored in the device. The vulnerability is related to improper handling of sensitive data in debug mode (CWE-532). An attacker with administrative privileges and local or adjacent network access could enable debug mode to extract credentials and configuration data. The vulnerability is not remotely exploitable and requires high-level privileges, limiting risk to insider threats or attackers already present on the local network segment. The vendor has released a fix in version 2.1 and later.
What this means
What could happen
An attacker with local administrative access could read sensitive credentials and configuration data from the EcoStruxure Panel Server, potentially using those credentials to compromise other systems in your network or gain unauthorized access to cloud applications connected through the gateway.
Who's at risk
Energy sector organizations operating Schneider Electric EcoStruxure Panel Server (version 2.0 and earlier) as a gateway device connecting edge controls, PLCs, or RTUs to cloud applications or SCADA networks. This includes municipal electric utilities and distribution automation systems that rely on the Panel Server for remote monitoring or configuration.
How it could be exploited
An attacker with local administrative privileges on a device running EcoStruxure Panel Server can enable debug mode to access sensitive information stored in memory or configuration files. This requires physical or local network access with high-level user rights, making it most likely an insider threat or an attacker who has already compromised the local network segment where the Panel Server runs.
Prerequisites
- Local or adjacent network access to the EcoStruxure Panel Server
- High-privilege (administrative) credentials on the server or the engineering workstation
- Ability to enable or interact with debug mode on the affected device
- Requires administrative/high-privilege credentials
- Local access only (not remotely exploitable)
- Sensitive credentials at risk of disclosure
- Affects gateway/connectivity device
- Vendor fix available
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
EcoStruxure Panel Server | ≤ 2.0 | 2.1 or later
Remediation & Mitigation
Do now
- WORKAROUND: Immediately disable debug mode on all EcoStruxure Panel Server instances if upgrade cannot be performed in the short term
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade EcoStruxure Panel Server firmware to version 2.1 or later and EcoStruxure Power Commission Software to version 2.33.0 or later
Long-term hardening
- HARDENING: Isolate the EcoStruxure Panel Server and connected control networks behind a firewall, physically separated from business and Internet-facing networks
- HARDENING: Implement physical access controls such as locked cabinets to prevent unauthorized local access to the Panel Server and engineering workstations
- HARDENING: Restrict remote access to the Panel Server to secure VPN connections only; disable or protect any remote management features not explicitly required for operations
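To apply the workaround and upgrade steps above across a fleet, the following added example (not vendor or advisory code) triages an asset inventory against the fixed versions named in this advisory. The inventory columns, asset names and sample rows are constructed, and it assumes dotted-numeric version strings and treats any Panel Server build below 2.1 (for example 2.0.x) as affected.

```python
import csv
import io

# Fixed versions as stated in the advisory.
FIXED = {
    "Panel Server": (2, 1),          # firmware 2.1 or later
    "Power Commission": (2, 33, 0),  # software 2.33.0 or later
}

# Constructed sample inventory; column names are assumptions for this example.
SAMPLE_INVENTORY = """\
asset,product,version,debug_mode
PS-SUB-01,Panel Server,2.0,enabled
PS-SUB-02,Panel Server,2.1,disabled
PS-SUB-03,Panel Server,1.9.3,disabled
EWS-01,Power Commission,2.32.1,n/a
EWS-02,Power Commission,2.33.0,n/a
PS-SUB-04,Panel Server,unknown,enabled
"""

def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_older(version, fixed):
    """Compare after zero-padding so that 2.1 and 2.1.0 are treated as equal."""
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(fixed)

def triage(inventory_csv):
    """Map each covered asset to the advisory action that applies to it."""
    actions = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["product"])
        if fixed is None:
            continue  # product not covered by this advisory
        version = parse_version(row["version"])
        if version is None:
            actions[row["asset"]] = "verify version manually"
        elif not is_older(version, fixed):
            actions[row["asset"]] = "ok"
        elif row["debug_mode"] == "enabled":
            actions[row["asset"]] = "disable debug mode now, then upgrade"
        else:
            actions[row["asset"]] = "schedule upgrade"
    return actions
```

Calling `triage(SAMPLE_INVENTORY)` returns a dictionary keyed by asset name; rows with an unparseable version are flagged for manual verification rather than assumed safe.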
CVEs (1)