Schneider Electric EcoStruxure PME and EPO
Recommended action: Plan Patch · CVSS base score: 7.8 · ICS-CERT: ICSA-26-078-04 · Date: Mar 19, 2026
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Schneider Electric EcoStruxure Power Monitoring Expert (PME) and Power Operation (EPO) contain a vulnerability that allows local arbitrary code execution at a high privilege level (CWE-502, deserialization of untrusted data). The vulnerability affects PME versions through 2024_R2, and EPO 2022 and EPO 2024 when the Advanced Reporting and Dashboards Module is installed. Successful exploitation results in local system compromise, operational disruption, and potential unauthorized administrative control. The affected products are on-premises software used for power system monitoring, control, and operational management in energy and critical infrastructure.
What this means
What could happen
An attacker with local access to a server running PME or EPO could execute arbitrary code with system privileges, potentially disrupting energy monitoring and control operations or gaining administrative control of the system.
Who's at risk
Energy utilities, water authorities, manufacturing facilities, and healthcare systems using Schneider Electric EcoStruxure PME or EPO for power monitoring and operational control. Particularly critical for facilities where PME/EPO serves as the primary monitoring platform for distributed energy resources or load management.
How it could be exploited
An attacker with local access to the PME or EPO server—such as through physical access, a compromised user account, or lateral movement within your network—can exploit this vulnerability to run arbitrary code. This code would run with the same privileges as the software, potentially allowing full system compromise and control of monitoring and operational functions.
Prerequisites
- Local access to the PME or EPO server (physical or via compromised Windows user account)
- Knowledge that PME or EPO is installed on the target system
Key risk factors
- Local code execution with high privilege impact
- Affects OT software used in energy-critical operations
- No patch available for EPO 2022 and PME 2022 (end-of-life products)
- Requires local access, but low complexity once access is gained
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
1 with fix, 2 EOL
Product | Affected Versions | Fix Status
EcoStruxure Power Monitoring Expert (PME) | ≤ 2022; 2023; 2023 R2; 2024; 2024 R2 | 2023_R2_Hotfix_282807
EcoStruxure Power Operation (EPO) 2022 Advanced Reporting and Dashboards Module | ≤ 2022 | No fix (EOL)
EcoStruxure Power Operation (EPO) 2024 with Advanced Reporting and Dashboards Module | 2024 | No fix (EOL)
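One way to triage a Windows host against the table above, as an added example (not code from Schneider Electric or from this advisory): it reads the standard Uninstall registry keys and lists the EcoStruxure components it finds with their versions, then flags the combinations the advisory calls affected. The DisplayName patterns, and the assumption that the Advanced Reporting and Dashboards Module registers as its own Uninstall entry, are guesses; adjust them to what your own server shows.

```powershell
# Added example (not Schneider Electric or advisory code): inventory installed
# EcoStruxure PME/EPO components from the Windows Uninstall registry keys so the
# result can be compared with the affected-versions table.
# ASSUMPTION: the DisplayName patterns below are guesses at how the installers
# register these products; check Programs and Features on your server and adjust.

$productPatterns = @(
    'Power Monitoring Expert',
    'Power Operation',
    'Advanced Reporting'          # the module that puts an EPO install in scope
)

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Collect every Uninstall entry whose DisplayName matches one of the patterns
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Where-Object {
        $name = $_.DisplayName
        # Inner Where-Object returns the matching patterns; non-empty means a hit
        $productPatterns | Where-Object { $name -like "*$_*" }
    } |
    Select-Object DisplayName, DisplayVersion, InstallDate, Publisher

if (-not $installed) {
    Write-Output "No EcoStruxure PME/EPO components found on $env:COMPUTERNAME"
    return
}

$installed | Format-Table -AutoSize

$hasPme    = $installed | Where-Object { $_.DisplayName -like '*Power Monitoring Expert*' }
$hasEpo    = $installed | Where-Object { $_.DisplayName -like '*Power Operation*' }
$hasModule = $installed | Where-Object { $_.DisplayName -like '*Advanced Reporting*' }

# PME: every listed version through 2024 R2 is affected; the fix is a hotfix
# or the 2024 R3 upgrade, which this inventory cannot confirm on its own.
if ($hasPme) {
    Write-Warning "PME present: compare DisplayVersion with the affected table and confirm Hotfix_282807 / Hotfix_279338 or 2024 R3 is applied"
}

# EPO: affected only together with the Advanced Reporting and Dashboards Module,
# and the advisory lists no vendor fix for that combination.
if ($hasEpo -and $hasModule) {
    Write-Warning "EPO with Advanced Reporting and Dashboards Module: affected, no vendor fix listed; isolate or retire"
} elseif ($hasEpo) {
    Write-Output "EPO present without the reporting module: not in the advisory's affected scope"
}
```

Run it elevated on each PME/EPO server (or push it through your endpoint management tool) and keep the output with the host name; the version column is what you compare against the table, and the warnings tell you which remediation row applies.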
Remediation & Mitigation
Do now
EcoStruxure Power Monitoring Expert (PME)
- HARDENING: For end-of-life PME 2022 and EPO 2022, isolate the server from the network or retire the system
- WORKAROUND: Configure the Windows firewall to restrict access to PME/EPO servers to only the necessary network segments. This narrows the lateral-movement path to the server; it does not stop a user who can already log on to the host, since the attack vector is local
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption
EcoStruxure Power Monitoring Expert (PME)
- HOTFIX: Apply Hotfix_282807 (for PME 2023_R2) or Hotfix_279338 (for PME 2024_R2), obtained from the Schneider Electric Customer Care Center
- HOTFIX: Upgrade to PME 2024 R3 for complete remediation
- HARDENING: Audit all Windows-authenticated user accounts with access to PME/EPO and revoke unnecessary access
- HARDENING: Enforce complex password policies for all accounts with PME/EPO access
All products
- HARDENING: Apply the principle of least privilege: ensure users have only the access required for their role
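The account audit and least-privilege items above, together with the firewall workaround under "Do now", as an added example (not code from Schneider Electric or from this advisory) run on the PME/EPO server itself. Because the attack vector is local and the privilege required is low, the first part lists who can log on to the host at all and who is already an administrator; the second part narrows existing inbound allow rules to named management subnets instead of adding new rules. The `$mgmtSubnets` values are placeholders, and the rule-name patterns used to find the product's firewall rules are guesses to be checked against `Get-NetFirewallRule` output.

```powershell
# Added example (not Schneider Electric or advisory code). Requires an elevated
# PowerShell on the PME/EPO server.
# ASSUMPTIONS: $mgmtSubnets are placeholder networks; the DisplayName patterns
# used to find the product's inbound allow rules are guesses.

$mgmtSubnets = @('10.10.50.0/24', '10.10.51.0/24')   # placeholder management networks

# --- 1. Who can reach the host locally, and with what privilege --------------
# Administrators already hold the "high privilege" this bug yields; everyone in
# Remote Desktop Users or Users can supply the local, low-privilege foothold.
$groupsToAudit = @('Administrators', 'Remote Desktop Users', 'Users')
foreach ($group in $groupsToAudit) {
    Write-Output "== Members of local group '$group' on $env:COMPUTERNAME =="
    Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
        Select-Object Name, ObjectClass, PrincipalSource |
        Format-Table -AutoSize
}

# Enabled local accounts, oldest logon first: stale or never-expiring accounts
# are the usual candidates for revocation under the least-privilege item.
Write-Output "== Enabled local accounts =="
Get-LocalUser |
    Where-Object { $_.Enabled } |
    Select-Object Name, LastLogon, PasswordLastSet, PasswordExpires, PasswordRequired |
    Sort-Object LastLogon |
    Format-Table -AutoSize

# --- 2. Scope inbound firewall rules to the management subnets ---------------
# Narrow the remote-address scope of the product's existing inbound allow rules
# rather than adding another allow rule; traffic from outside $mgmtSubnets then
# matches nothing and is dropped by the default inbound block.
$productRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $_.DisplayName -like '*EcoStruxure*' -or
        $_.DisplayName -like '*Power Monitoring*' -or
        $_.DisplayName -like '*Power Operation*'
    }

if (-not $productRules) {
    Write-Warning "No inbound allow rules matched the product name patterns; list rules with Get-NetFirewallRule and adjust the patterns"
}

foreach ($rule in $productRules) {
    Write-Output "Scoping rule '$($rule.DisplayName)' to $($mgmtSubnets -join ', ')"
    $rule | Set-NetFirewallRule -RemoteAddress $mgmtSubnets

    # Verify the scope actually took effect on this rule
    $scope = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    Write-Output "  RemoteAddress now: $($scope -join ', ')"
}
```

Review the group output with the system owner before revoking anything, and keep the pre-change `Get-NetFirewallAddressFilter` output so the scoping can be reverted during the maintenance window if an operator workstation turns out to sit outside the named subnets. Neither step replaces the hotfix or the 2024 R3 upgrade; they reduce who can get to the host, not what the deserialization flaw does once someone is there.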
CVEs (1)
API:
/api/v1/advisories/f11ff294-2b4e-4f12-b7fe-e1323a948793