Schneider Electric EcoStruxure™

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-25-079-01 | Feb 11, 2025
Schneider Electric | AVEVA | Energy
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

EcoStruxure™ Process Expert and EcoStruxure™ Process Expert for AVEVA System Platform contain a privilege escalation vulnerability in versions 2020_R2, 2021, and 2023 (prior to v4.8.0.5715). The vulnerability allows a user with standard privileges on the engineering workstation to escalate to administrator level, potentially compromising the confidentiality, integrity, and availability of control system projects, PLC programs, and SCADA configurations. The 2023 version is patchable; earlier versions and the AVEVA variant require mitigation controls.

What this means
What could happen
A user with local access to an engineering workstation running EcoStruxure™ Process Expert could escalate their privileges to administrator level, allowing them to modify PLC or SCADA configurations, alter process parameters, or disrupt engineering operations.
Who's at risk
Engineering teams at energy utilities and industrial facilities using Schneider Electric EcoStruxure™ Process Expert to design and maintain PLC (Modicon) and SCADA projects. Versions 2020_R2 and 2021 have no patches available; version 2023 can be updated. The AVEVA System Platform variant has no fix planned.
How it could be exploited
An attacker with a standard user account on an engineering workstation runs a Windows utility to escalate to administrator privileges, then modifies the EcoStruxure™ Process Expert configuration or project files. This could allow changes to Modicon controller programs or SCADA supervision logic before deployment.
Prerequisites
  • Local account access to engineering workstation running affected EcoStruxure™ Process Expert version
  • Standard or service account privileges (not admin)
  • Windows service control utility (sc.exe) executable and accessible to non-admin users
  • local access required
  • low complexity
  • no authentication required for privilege escalation once on workstation
  • affects engineering toolchain used to configure safety and control systems
  • no patch available for 2020_R2, 2021, and AVEVA versions
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (6)
1 with fix, 5 pending
Product | Affected Versions | Fix Status
EcoStruxure™ Process Expert | 2020 R2 | No fix yet
EcoStruxure™ Process Expert | 2021 | No fix yet
EcoStruxure™ Process Expert 2023 | <4.8.0.5715 | 4.8.0.5715
EcoStruxure™ Process Expert for AVEVA System | 2020 R2 | No fix yet
EcoStruxure™ Process Expert for AVEVA System | 2021 | No fix yet
EcoStruxure™ Process Expert for AVEVA System | 2023 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Restrict execute permissions on Windows sc.exe utility to administrator accounts only
WORKAROUND: Deploy application whitelisting (e.g., McAfee Change Control) to allow only authorized applications to execute on engineering workstations
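One way to audit the first workaround above, as an added example that is not part of the advisory or the vendor's guidance: a read-only PowerShell check that lists Allow entries granting execute on sc.exe to principals outside an assumed administrative set. The helper name Get-NonAdminExecuteAce and the $AdminSids list are assumptions for illustration; adjust the list to site policy.

```powershell
# Added example: read-only audit of who may execute sc.exe. Changes nothing.
# Assumption: these well-known SIDs are the only "administrative" principals.
$AdminSids = @(
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

function Get-NonAdminExecuteAce {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $executeFile    = [int][System.Security.AccessControl.FileSystemRights]::ExecuteFile
    $genericExecute = 0x20000000   # GENERIC_EXECUTE, seen in some raw ACEs
    $acl = Get-Acl -LiteralPath $Path

    # Request SIDs instead of account names so the check is locale-independent.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $mask    = [int]$rule.FileSystemRights
        $isAllow = $rule.AccessControlType -eq 'Allow'
        $canExec = (($mask -band $executeFile) -ne 0) -or
                   (($mask -band $genericExecute) -ne 0)
        if ($isAllow -and $canExec -and
            ($AdminSids -notcontains $rule.IdentityReference.Value)) {
            [pscustomobject]@{
                Path      = $Path
                Sid       = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Check the native copy and, where present, the 32-bit (WOW64) copy.
$targets = @(
    (Join-Path $env:SystemRoot 'System32\sc.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\sc.exe')
) | Where-Object { Test-Path -LiteralPath $_ }

$findings = foreach ($t in $targets) { Get-NonAdminExecuteAce -Path $t }
if ($findings) { $findings | Format-Table -AutoSize }
else { 'No non-administrative execute grants found on sc.exe.' }
```

Each row returned is an entry to review against the workaround; on a default Windows installation BUILTIN\Users (S-1-5-32-545) holds ReadAndExecute on sc.exe and will appear here.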
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

EcoStruxure™ Process Expert
HOTFIX: Update EcoStruxure™ Process Expert 2023 to version 4.8.0.5715 or later, uninstalling v4.8.0.5115 first
Long-term hardening
HARDENING: Isolate engineering workstations from business network and ensure physical access controls prevent unauthorized use