Schneider Electric SESU
Plan Patch7.3ICS-CERT ICSA-25-266-03Aug 12, 2025
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
A file operation vulnerability (CWE-59) exists in multiple Schneider Electric software products including SESU, EcoStruxure suite applications, and related tools. The vulnerability allows a local user to write arbitrary data to protected locations on the system. This could lead to privilege escalation, arbitrary file corruption, information disclosure, or denial of service. All affected products prior to version 3.0.12 are vulnerable. Schneider Electric has released version 3.0.12 as a fix, which will be automatically applied as a critical update depending on software configuration settings.
What this means
What could happen
An attacker with local access to an engineering workstation running one of these products could write arbitrary data to protected system locations, leading to privilege escalation, file corruption, information disclosure, or denial of service. This could affect process control, reporting systems, or operational visibility depending on which software is compromised.
Who's at risk
This affects organizations in the energy sector using Schneider Electric automation, monitoring, and configuration software. Specifically, it impacts engineers and operators who use SESU, EcoStruxure suite products (Automation Expert, Machine Expert, Control Expert, Process Expert, Power Operations), Easergy MiCOM products, PowerLogic analytics software, and related engineering workstations. Any facility using Schneider Electric control system design or maintenance tools is potentially affected.
How it could be exploited
An attacker with local user-level access to a machine running a vulnerable version could exploit a file operation flaw (CWE-59 - path traversal or improper link resolution) to write files outside the intended application directory. This could overwrite system files, configuration files, or other application data with malicious content, achieving privilege escalation or persistent code execution on the engineering workstation.
Prerequisites
- Local user-level access to the workstation running the vulnerable software
- Vulnerable version of the software installed (versions before 3.0.12)
- Write permissions to the SESU installation directory or its parent paths
Local access required (not remotely exploitable)User-level privileges sufficient for exploitationLow exploit complexityAffects engineering workstations (potential pivot point to OT networks)Wide range of Schneider Electric products affectedFile write can lead to privilege escalation
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (26)
26 with fix
ProductAffected VersionsFix Status
SESU<3.0.123.0.12
BESS ANSI<3.0.123.0.12
Easergy MiCOM P30<3.0.123.0.12
Easergy MiCOM P40<3.0.123.0.12
Easergy Studio<3.0.123.0.12
Remediation & Mitigation
0/4
Do now
0/1SESU
WORKAROUNDRestrict network access to the SESU installation directory using file system permissions. Ensure only trusted administrative personnel can read or modify files in the installation directory and its subdirectories.
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
SESU
HOTFIXUpdate all Schneider Electric software products to version 3.0.12 or later. Enable automatic critical updates in SESU configuration if available.
Long-term hardening
0/2HARDENINGIsolate engineering workstations from the general IT network using network segmentation (separate VLAN or DMZ). Restrict access to these workstations to authorized personnel only.
HARDENINGImplement local firewall rules or endpoint protection to monitor and restrict file writes to system-critical directories (Windows/System32, program files, etc.).
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/3370ee2d-2900-472a-a35f-ec0196e9a8c8