OTPulse

Schneider Electric

Plan Patch · CVSS 7.3 · ICS-CERT ICSA-26-022-01 · Jan 13, 2026
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary

Schneider Electric EcoStruxure™ Process Expert contains an improper file permissions vulnerability (CWE-276) that allows a local user with low privileges to modify executable binaries, leading to privilege escalation and potential code execution with elevated rights. This affects the EcoStruxure™ Process and EcoStruxure™ Process Expert for AVEVA System Platform products used for plant-wide automation engineering and operational control.

What this means
What could happen
An attacker with local access could modify executable files and gain elevated privileges on the engineering workstation, potentially allowing them to alter or control automation logic across your plant infrastructure.
Who's at risk
Energy utilities and manufacturing facilities using EcoStruxure™ Process Expert for industrial automation engineering, process design, and control system management. This affects engineering workstations and control servers that run this Schneider Electric automation platform.
How it could be exploited
An attacker with local user access to a machine running EcoStruxure™ Process Expert could modify executable binaries due to insufficient file permission controls. Once modified, the attacker can execute code with elevated privileges to manipulate process automation logic or steal engineering credentials.
Prerequisites
  • Local user account on the engineering workstation running EcoStruxure™ Process Expert
  • Write access to executable file directories (typically present due to improper permissions)
  • User interaction to execute the modified binaries
  • Local attack only (requires user to be on the machine)
  • Low complexity exploitation
  • Privilege escalation capability
  • Affects engineering and automation infrastructure
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
1 with fix, 1 pending
Product | Affected Versions | Fix Status
EcoStruxure™ Process Expert | <2025 | 2025
EcoStruxure™ Process Expert All Versions | All versions | No fix yet
Remediation & Mitigation
Do now
EcoStruxure™ Process Expert
HARDENING: Review and enforce proper file permissions on EcoStruxure™ Process Expert installation directories to prevent unauthorized modification
All products
WORKAROUND: Implement application whitelisting at the system level to allow execution only of authenticated applications per Schneider Electric guidance (EIO0000004778)
HARDENING: Restrict system access to only authorized engineering and operator personnel
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

EcoStruxure™ Process Expert
HOTFIX: Upgrade EcoStruxure™ Process Expert to version 2025 or later
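
One way to carry out the file-permission review listed under "Do now", as an added example that is not code from Schneider Electric or OTPulse: a PowerShell audit that lists directories and binaries under an install tree that broad, low-privilege groups can modify. The install path is a placeholder (the advisory does not state it), and the function name Get-WritableByBroadGroup is hypothetical.

```powershell
param(
    # ASSUMPTION: placeholder path; set it to the actual installation directory.
    [string]$InstallRoot = 'C:\PLACEHOLDER\ProcessExpert-InstallDir'
)

# Well-known SIDs of broad principals (locale-independent, unlike group names).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that let a principal replace or alter a file, or rewrite its ACL.
# Write, Modify and FullControl all contain at least one of these bits.
$fsr = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($fsr'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
# Inherit-only ACEs can carry raw GENERIC_WRITE / GENERIC_ALL bits instead.
$WriteMask = $WriteMask -bor 0x40000000 -bor 0x10000000

function Get-WritableByBroadGroup {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        if (([int]$rule.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $BroadSids[$sid]
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $InstallRoot)) {
    throw "Install root not found: $InstallRoot"
}
# Check the root, every subdirectory (a writable directory allows file
# replacement), and binary files.
$targets = @(Get-Item -LiteralPath $InstallRoot) +
    @(Get-ChildItem -LiteralPath $InstallRoot -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -or $_.Extension -in '.exe', '.dll', '.sys' })
$targets | ForEach-Object { Get-WritableByBroadGroup -Path $_.FullName } |
    Sort-Object Path | Format-Table -AutoSize
```

An empty result means none of the four broad groups holds a write-class right on the scanned items; Inherited = True rows point to an ACE set higher in the tree, which is where the correction belongs.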
Schneider Electric | CVSS 7.3 - OTPulse