Schneider Electric PrismaSeT Active - Wireless Panel Server
Priority: Act Now
CVSS: 9.8
Source: ICS-CERT ICSA-25-140-06
Published: May 13, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in the Silicon Labs Gecko Bootloader affects the PrismaSeT Active Wireless Panel Server across all versions. The device is a cloud-connected low-voltage switchboard used for monitoring and control in electrical distribution. Successful exploitation could allow unauthorized code execution and disrupt voltage loss monitoring functions.
What this means
What could happen
An attacker could execute arbitrary code on the PrismaSeT Active Wireless Panel Server via a bootloader vulnerability, potentially disabling voltage loss monitoring and affecting power distribution switchboard operations.
Who's at risk
Energy sector organizations operating Schneider Electric PrismaSeT Active Wireless Panel Servers for low-voltage switchboard and power distribution monitoring should treat this as high priority. Any facility using this equipment for voltage loss monitoring and cloud-connected switchboard operations is affected.
How it could be exploited
The vulnerability exists in the Silicon Labs Gecko Bootloader integrated into the device. An attacker with network access to the device could exploit this bootloader flaw to execute unauthorized code and compromise the system.
Prerequisites
- Network access to the PrismaSeT Active Wireless Panel Server
- Device must be reachable from the attacker's network segment
Key factors:
- remotely exploitable
- no authentication required
- low complexity
- no patch available
- critical CVSS score (9.8)
- affects power distribution operations
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
PrismaSeT Active - Wireless Panel Server | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Place the PrismaSeT Active Wireless Panel Server behind a firewall and isolate it from business networks
- HARDENING: Ensure the device is not accessible from the Internet; restrict network exposure to authorized personnel and systems only
- HARDENING: Implement physical access controls: place the device in a locked cabinet and prevent access to Program mode
- HARDENING: Do not connect programming or maintenance software to networks other than the isolated network dedicated to this device
- WORKAROUND: Sanitize all removable media (USB drives, CDs, etc.) before use on the isolated network to prevent infection vectors
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
- HOTFIX: Monitor Schneider Electric security advisories for future bootloader patches; contact the vendor for a timeline on firmware updates
Mitigations - no patch available
PrismaSeT Active - Wireless Panel Server (all versions) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: If remote access is required, use secure methods such as VPNs and keep VPN software updated to the latest version
CVEs (1)