Schneider Electric EcoStruxure

Plan PatchCVSS 7.5ICS-CERT ICSA-25-301-01Oct 14, 2025

Schneider ElectricAVEVAEnergyManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A denial-of-service vulnerability exists in Schneider Electric EcoStruxure OPC UA Server Expert and EcoStruxure Modicon Communication Server. These products serve as communication platforms linking Modicon industrial equipment and PLCs to IIoT systems using the OPC UA protocol. The vulnerability is triggered by a resource exhaustion condition (CWE-770) that can cause the OPC UA server to become unresponsive, interrupting real-time process data transmission from controllers. EcoStruxure OPC UA Server Expert versions prior to SV2.01 SP3 are affected; EcoStruxure Modicon Communication Server all current versions are affected with no fix yet planned.

What this means

What could happen

Denial of service affecting the OPC UA communication server could interrupt real-time data flow from Modicon PLCs to monitoring and control systems, potentially causing loss of visibility into critical process parameters or inability to issue remote commands to industrial equipment.

Who's at risk

Energy and manufacturing operators who use Schneider Electric EcoStruxure OPC UA Server Expert or EcoStruxure Modicon Communication Server to connect Modicon PLCs and industrial controllers to monitoring, IIoT, or MES platforms. This affects any facility relying on these servers for real-time process data communication.

How it could be exploited

An attacker with network access to the OPC UA server port can send a malformed request that exhausts resources (memory, connections, or processing) on the server, causing it to become unresponsive and unable to serve legitimate OPC UA clients.

Prerequisites

Network access to the OPC UA Server Expert service port
No authentication required (vulnerability is unauthenticated)

remotely exploitableno authentication requiredlow complexitydenial of service impact on critical data flowOPC UA server is a network-facing service

Affected products (4)

2 with fix2 EOL

ProductAffected VersionsFix Status

EcoStruxure™ OPC UA Server Expert<SV2.01 SP3SV2.01 SP3

EcoStruxure™ Modicon Communication Server All versionsAll versionsNo fix (EOL)

EcoStruxure OPC UA Server Expert<SV2.01 SP3SV2.01_SP3

EcoStruxure Modicon Communication Server All versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/6

Do now

0/4

HARDENINGSet Security Policy to Basic256-Sha256 in OPC UA Server configuration

HARDENINGVerify Anonymous user token setting is unchecked (disabled) in OPC UA Server configuration

HARDENINGVerify User authentication and X509 user token settings are enabled (checked) in OPC UA Server configuration

HARDENINGRestrict network access to OPC UA Server ports from only authorized client workstations and systems using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

EcoStruxure OPC UA Server Expert

HOTFIXUpdate EcoStruxure OPC UA Server Expert to version SV2.01 SP3 or later

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: EcoStruxure™ Modicon Communication Server All versions, EcoStruxure Modicon Communication Server All versions. Apply the following compensating controls:

HARDENINGIsolate the OPC UA Server network segment from the business network using firewalls or network segmentation

CVEs (1)

CVE-2024-10085

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/6da20471-aba9-4bdb-a9d1-801ee3dd9143

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.