Schneider Electric EcoStruxure
Plan Patch · 7.5 · ICS-CERT ICSA-25-301-01 · Oct 14, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Vulnerability in EcoStruxure OPC UA Server Expert and EcoStruxure Modicon Communication Server. These products serve as OPC UA communication platforms linking Modicon PLCs and industrial equipment to IIoT systems and AVEVA System Platform. The vulnerability can cause denial of service of the OPC UA server, resulting in loss of real-time process data from connected Modicon controllers.
What this means
What could happen
A denial-of-service attack could disable the OPC UA server and interrupt real-time data flow from Modicon PLCs to upstream systems, potentially disrupting visibility into industrial processes and control system communications.
Who's at risk
Organizations operating Schneider Electric Modicon PLCs and EcoStruxure systems in energy and manufacturing sectors should assess exposure. This affects any facility using EcoStruxure OPC UA Server Expert to connect Modicon controllers to AVEVA System Platform or other IIoT systems that depend on continuous OPC UA data flow.
How it could be exploited
An attacker with network access to the OPC UA server port could send a crafted request that exhausts server resources, causing the service to stop responding. This would sever the communication link between Modicon controllers and IIoT/AVEVA systems.
Prerequisites
- Network access to EcoStruxure OPC UA Server Expert listening port
- No authentication required (based on CVSS PR:N)
- Knowledge of OPC UA protocol
Tags: remotely exploitable · no authentication required · low complexity attack · affects industrial communication · no patch available for Modicon Communication Server
Affected products (2)
1 with fix · 1 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| EcoStruxure OPC UA Server Expert | <SV2.01 SP3 | SV2.01_SP3 |
| EcoStruxure Modicon Communication Server | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Set Security Policy to Basic256-Sha256 for OPC UA client-server communication
- HARDENING: Ensure the Anonymous user token setting remains unchecked to disable anonymous access
- HARDENING: Verify the User authentication setting is checked to enforce client authentication
- HARDENING: Verify the X509 user token setting is checked to enforce certificate-based authentication
- HARDENING: Restrict network access to OPC UA server ports to only authorized client workstations and PLCs
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
EcoStruxure OPC UA Server Expert
- HOTFIX: Upgrade EcoStruxure OPC UA Server Expert to version SV2.01_SP3 or later
Mitigations - no patch available
EcoStruxure Modicon Communication Server (all versions) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Place EcoStruxure servers behind a firewall, isolated from the business network
CVEs (1)