Schneider Electric SESU

Plan PatchCVSS 7.3ICS-CERT ICSA-25-266-03Aug 12, 2025

Schneider ElectricEnergy

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

A vulnerability in Schneider Electric Software Update (SESU) and related EcoStruxure, PowerLogic, and Easergy products allows arbitrary file writes to protected system locations via a local attack vector. Versions prior to 3.0.12 are affected. Successful exploitation could allow privilege escalation, arbitrary file corruption, disclosure of application and system information, or persistent denial of service. The vulnerability is not remotely exploitable; local access to the host system is required.

What this means

What could happen

An attacker with local access to an engineering workstation or server running SESU could write arbitrary files to protected system locations, potentially gaining elevated privileges, corrupting critical files, or causing persistent service failures in the automation platform.

Who's at risk

This vulnerability affects Schneider Electric's software update tool (SESU) and downstream automation engineering and operations products used by energy utilities and industrial automation facilities. Specifically, this impacts organizations running EcoStruxure software suites (Automation Expert, Machine Expert, Control Expert, Process Expert, Operator Terminal Expert), PowerLogic power monitoring, Easergy relay management, and other configuration and maintenance tools. Any organization using these products for grid management, microgrid operations, HVAC automation, or equipment commissioning is potentially affected.

How it could be exploited

An attacker with local access to a machine running SESU (such as a compromised engineering workstation) could exploit an arbitrary file write vulnerability in the software to place malicious code or configuration files in protected directories. This could lead to privilege escalation if the SESU application runs with elevated permissions, or persistent compromise if the malicious files survive application updates.

Prerequisites

Local access to the machine running SESU
User-level or higher privileges on the host system
SESU version prior to 3.0.12 installed

Local access requiredLow attack complexityAffects engineering workstations and maintenance systemsPrivilege escalation possibleNo authentication required beyond OS-level access

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (43)

43 with fix

ProductAffected VersionsFix Status

SESU<3.0.123.0.12

BESS ANSI<3.0.123.0.12

Easergy MiCOM P30<3.0.123.0.12

Easergy MiCOM P40<3.0.123.0.12

Easergy Studio<3.0.123.0.12

Remediation & Mitigation

0/3

Do now

0/1

SESU

HARDENINGRestrict network access to the SESU installation directory and ensure it is accessible only to trusted administrative personnel

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all Schneider Electric EcoStruxure, PowerLogic, Easergy, and related software products to version 3.0.12 or later

Long-term hardening

0/1

SESU

HARDENINGIsolate engineering workstations and servers running SESU from the business network using a firewall or network segmentation

CVEs (1)

CVE-2025-5296

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/3370ee2d-2900-472a-a35f-ec0196e9a8c8

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.