Schneider Electric EcoStruxure Power Monitoring Expert

Plan Patch8.8ICS-CERT ICSA-25-224-03Aug 12, 2025

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric EcoStruxure Power Monitoring Expert (PME), Power Operation (EPO), and Power SCADA Operation (PSO) contain multiple vulnerabilities in deserialization, server-side request forgery (SSRF), and path traversal that can lead to remote code execution and unauthorized access to sensitive data. These are on-premises software products used to monitor and control power systems in critical and energy-intensive facilities. Some deployments operate in a Managed Service model.

What this means

What could happen

An attacker with network access and valid user credentials could execute arbitrary code on the PME, EPO, or PSO application server, potentially allowing them to alter power monitoring data, disrupt facility operations, or access sensitive energy management information.

Who's at risk

This affects power utilities, energy facility operators, and industrial facilities that deploy Schneider Electric's EcoStruxure Power Monitoring Expert, Power Operation, or Power SCADA Operation software to monitor and manage medium and lower voltage power systems. Both traditional on-premises deployments and managed service deployments are at risk.

How it could be exploited

An attacker who has obtained valid user credentials or has network access to the application could exploit deserialization, SSRF, or path traversal vulnerabilities to achieve remote code execution. Once code execution is gained, the attacker could run arbitrary commands within the application context to compromise the facility's power monitoring and control systems.

Prerequisites

Valid user credentials for PME, EPO, or PSO (authenticated access required)
Network access to the PME, EPO, or PSO application server or web interface
Knowledge of vulnerable API endpoints or deserialization mechanisms

Remotely exploitableRequires authentication but valid credentials may be compromised or sharedMultiple vulnerability types (deserialization, SSRF, path traversal)Could lead to remote code executionAffects power monitoring and control systems which are critical to operations

Exploitability

Moderate exploit probability (EPSS 1.1%)

Affected products (1)

ProductAffected VersionsFix Status

EcoStruxure Power Monitoring Expert (PME)2024; 2024 R2; 2022; 2023; 2023 R2Hotfix_279338_Release_2024R2

Remediation & Mitigation

0/6

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade EcoStruxure Power Monitoring Expert (PME) 2024 to version 2024 R2 and apply Hotfix_279338_Release_2024R2

HOTFIXUpgrade EcoStruxure Power Monitoring Expert (PME) 2023 R2 and apply Hotfix_199767_release and Hotfix_273686_release.12.0

HOTFIXApply available hotfixes for EcoStruxure Power Operation (EPO) and Power SCADA Operation (PSO) affected versions (contact Schneider Electric Customer Care Center)

Long-term hardening

0/3

HARDENINGRestrict network access to PME, EPO, and PSO application servers to authorized users and systems only

HARDENINGEnforce strong authentication and access controls for PME, EPO, and PSO user accounts

HARDENINGMonitor and audit user activity on PME, EPO, and PSO applications for unauthorized access attempts or suspicious behavior

CVEs (5)

CVE-2025-54923 CVE-2025-54924 CVE-2025-54925 CVE-2025-54926 CVE-2025-54927

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5af99202-19fb-40a2-b95f-1609a8aa5238