Schneider Electric Wiser Home Automation

Plan PatchCVSS 9.8ICS-CERT ICSA-25-153-01Jun 3, 2025

Schneider ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A buffer overflow vulnerability (CWE-120) in Schneider Electric Wiser AvatarOn 6K Freelocate and Wiser Cuadro H 5P Socket devices allows remote code injection or authentication bypass. Both products have reached end of life and are no longer supported by the vendor. Successful exploitation could allow an attacker to inject code or bypass authentication on the affected devices.

What this means

What could happen

An attacker could inject malicious code or bypass authentication on Wiser home automation devices, potentially allowing unauthorized control of connected home systems. Since these devices are end-of-life with no patch available, organizations must isolate or remove them to prevent compromise.

Who's at risk

Organizations operating Schneider Electric Wiser home automation devices—specifically the AvatarOn 6K Freelocate and Cuadro H 5P Socket models—should be concerned. These devices are often deployed in distributed energy management or smart building environments. Home automation systems integrated with energy networks or facility control are at risk.

How it could be exploited

An attacker with network access to a Wiser AvatarOn 6K Freelocate or Wiser Cuadro H 5P Socket device could send crafted input to trigger a buffer overflow (CWE-120), enabling code injection or authentication bypass. The attack requires no credentials or user interaction and can be executed remotely.

Prerequisites

Network access to the Wiser device (direct IP connectivity or reachable from attacker's network segment)
No authentication required

remotely exploitableno authentication requiredlow complexityno patch availableend-of-life product

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

Wiser AvatarOn 6K Freelocate: vers:all/*All versionsNo fix (EOL)

Wiser Cuadro H 5P Socket: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/3

WORKAROUNDRemove Wiser AvatarOn 6K Freelocate and Wiser Cuadro H 5P Socket devices from service immediately

WORKAROUNDIf devices cannot be removed, disable firmware update functionality in the Zigbee Trust Center to prevent code injection through OTA updates

HARDENINGIsolate any remaining Wiser devices behind a firewall; deny all inbound network access from untrusted networks or the Internet

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGSegment Wiser devices on a separate network from critical control systems and business networks

CVEs (1)

CVE-2023-4041

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b7721dd8-bdc6-4747-b1f6-9daa98994b1d

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.