Schneider Electric PrismaSeT Active - Wireless Panel Server

Plan PatchCVSS 9.8ICS-CERT ICSA-25-140-06May 13, 2025

Schneider ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric PrismaSeT Active Wireless Panel Server contains a buffer overflow vulnerability in the Silicon Labs Gecko Bootloader. The vulnerability allows unauthenticated network-based code execution, which could result in unauthorized control of the switchboard and disabling of voltage loss monitoring. All firmware versions are affected. No patch is planned. Schneider Electric recommends network isolation, access control hardening, and physical security measures.

What this means

What could happen

An attacker with network access could execute arbitrary code on the Wireless Panel Server, disabling voltage loss monitoring and control capabilities of the PrismaSeT Active switchboard.

Who's at risk

Energy sector operators using Schneider Electric PrismaSeT Active Wireless Panel Servers for low-voltage switchboard control and voltage loss monitoring. This affects facilities managing electrical distribution and monitoring systems that rely on the panel server for real-time control and data collection.

How it could be exploited

An attacker on the network could exploit a buffer overflow in the Silicon Labs Gecko Bootloader to execute arbitrary code directly on the device without authentication, bypassing normal access controls.

Prerequisites

Network access to the PrismaSeT Active Wireless Panel Server
No credentials or authentication required
Device must be running an affected firmware version (all versions affected)

remotely exploitableno authentication requiredlow complexityno patch availableaffects safety systems

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (1)

ProductAffected VersionsFix Status

PrismaSeT Active - Wireless Panel Server All versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/6

Do now

0/3

HARDENINGIsolate the PrismaSeT Active Wireless Panel Server behind a firewall and on a separate network segment from the business IT network

HARDENINGRestrict network access to the device by blocking inbound connections from untrusted networks and monitoring for unauthorized access attempts

HARDENINGDo not connect the device to the Internet or any network accessible from the Internet

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HARDENINGInstall physical controls to prevent unauthorized personnel from accessing the device or placing it in 'Program' mode

WORKAROUNDIf remote access is required, use a secure VPN with current patches and restrict access to authorized personnel only

HARDENINGScan all USB drives and removable media before connecting them to the PrismaSeT device or any network connected to it

CVEs (1)

CVE-2023-4041

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/35976f20-afe4-40bf-851e-784f7f60b14e

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.