Schneider Electric

Plan Patch | CVSS 7.3 | ICS-CERT ICSA-26-022-01 | Jan 13, 2026
Schneider Electric | AVEVA | Energy | Manufacturing
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary

Schneider Electric EcoStruxure™ Process Expert contains a file permission vulnerability (CWE-276) that allows local users to modify executable binaries. Improper access controls on system files enable privilege escalation, which could result in unauthorized code execution and modification of automation control logic.

What this means
What could happen
An attacker with local access to an engineering workstation could modify executable files and escalate privileges to run arbitrary commands on the Process Expert system, potentially altering process control logic or shutting down automation systems.
Who's at risk
Energy and manufacturing operators running Schneider Electric EcoStruxure™ Process or EcoStruxure™ Process Expert for AVEVA System Platform on engineering workstations. This affects SCADA/automation engineering environments where control system logic is designed and deployed.
How it could be exploited
An attacker with local user account access to the engineering workstation running Process Expert can modify executable binaries due to improper file permissions. By replacing or tampering with these binaries and triggering their execution (or relying on automatic execution), the attacker gains elevated privileges, allowing arbitrary code execution within the Process Expert environment.
Prerequisites
  • Local user account on the engineering workstation running Process Expert
  • Ability to write to executable file directories on the system
  • Physical or remote desktop access to the workstation
Privilege escalation possible | Local access required | Affects control system engineering platform | One product version has no fix planned
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (2)
1 with fix, 1 pending
Product | Affected Versions | Fix Status
EcoStruxure™ Process Expert | <2025 | 2025
EcoStruxure™ Process Expert All Versions | All versions | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Enable application whitelisting at the system level to allow execution of only authenticated/trusted applications (reference Schneider Electric document EIO0000004778)
HARDENING: Restrict local access to the engineering workstation to only authorized personnel who require it
HARDENING: Review and restrict file permissions on Process Expert executable directories to prevent unauthorized modification
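
One way to carry out the file-permission review above on a Windows engineering workstation, as an added example that is not part of the original advisory or Schneider Electric's guidance: it lists allow entries that give write-type rights on directories and executable files to any principal other than SYSTEM, Administrators or TrustedInstaller. The install path is a placeholder, and the trusted-principal list and file extensions are assumptions to adjust for the site.

```powershell
param(
    # ASSUMPTION: placeholder path; the advisory does not state the install directory.
    [string]$InstallRoot = 'C:\PLACEHOLDER\ProcessExpertInstallDir'
)

$sidType     = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
# Rights that let a principal replace, delete or re-permission a file.
$writeMask   = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# ASSUMPTION: principals expected to hold write access, compared by SID so the
# check is independent of the OS display language.
$trusted = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
$extensions = '.exe', '.dll', '.sys', '.bat', '.cmd', '.ps1'

# Directories are included: write access to a directory allows adding or
# replacing the binaries inside it even when each file's own ACL is tight.
$targets = @(Get-Item -LiteralPath $InstallRoot) +
    @(Get-ChildItem -LiteralPath $InstallRoot -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -or $_.Extension -in $extensions })

$findings = foreach ($item in $targets) {
    $acl = Get-Acl -LiteralPath $item.FullName
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries do not apply to this object; children are checked themselves.
        if ($ace.PropagationFlags -band $inheritOnly) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        $sid = $ace.IdentityReference.Value
        if ($sid -in $trusted) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Any row is a path that a non-administrative principal can modify.
$findings | Sort-Object Path, Sid | Format-Table -AutoSize -Wrap
```

An empty result means no such entries were found under the given root; rows marked Inherited point to a parent directory whose ACL needs correcting rather than the file itself.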
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

EcoStruxure™ Process Expert
HOTFIX: Update EcoStruxure™ Process Expert to version 2025 or later