Schneider Electric ConneXium Network Manager Software

MonitorCVSS 7.8ICS-CERT ICSA-25-107-03Apr 8, 2025

Schneider ElectricEnergy

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Schneider Electric ConneXium Network Manager software contains vulnerabilities related to improper file permissions (CWE-552) and insufficient input validation (CWE-20). The software is used to configure and monitor administrable Schneider Electric devices including switches, routers, firewalls, ConneXium Wi-Fi devices, and products from various manufacturers. Exploitation could lead to sensitive data disclosure, privilege escalation through man-in-the-middle attacks, denial of service, and remote code execution on engineering workstations.

What this means

What could happen

An attacker with local access to an engineering workstation running ConneXium Network Manager could steal sensitive configuration data, escalate privileges, crash the software, or execute arbitrary code, potentially affecting the configuration of critical network devices like switches, routers, and firewalls that control Schneider Electric industrial systems.

Who's at risk

Energy sector operators and utilities using Schneider Electric ConneXium Network Manager to configure and monitor network infrastructure devices (switches, routers, firewalls, Wi-Fi devices) should care about this vulnerability, particularly those with engineering workstations that have administrative access to critical network equipment.

How it could be exploited

An attacker with local access to a workstation running ConneXium Network Manager could exploit improper file/folder permissions (CWE-552) and insufficient input validation (CWE-20) to read sensitive files, perform man-in-the-middle attacks, or execute code on the workstation. Since this software manages critical network infrastructure devices, compromise of the workstation could enable reconfiguration of firewalls, switches, and routers that protect your OT environment.

Prerequisites

Local access to engineering workstation running ConneXium Network Manager
User interaction required (user must open a file or perform an action)
No administrative privileges required

Local exploitation requiredNo authentication requiredLow complexity attackNo patch availableAffects management of safety-critical network devices

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

ConneXium Network Manager All versionsAll versionsNo fix (EOL)

ConneXium Network Manager v2.0.012.0.01No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict physical access to engineering workstations running ConneXium Network Manager—use locked rooms or cabinets and limit personnel with access keys

HARDENINGIsolate the engineering workstation network from the business network using a firewall—ConneXium Network Manager workstations should not be connected to corporate IT networks or the Internet

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGDisable network connectivity on ConneXium Network Manager workstations except when actively managing devices; use dedicated, air-gapped workstations for this software when possible

HARDENINGImplement USB device restrictions on ConneXium Network Manager workstations to prevent unauthorized data transfer or introduction of malware via removable media

Long-term hardening

0/1

HOTFIXMonitor for Schneider Electric security updates for ConneXium Network Manager and subscribe to their security notifications, as vendor may release fixes in future updates

CVEs (2)

CVE-2025-2222 CVE-2025-2223

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/51763271-2179-460f-bc7e-f53329c09d9a

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.