Schneider Electric Plant iT/Brewmaxx
Act Now · CVSS 9.9 · ICS-CERT ICSA-26-083-03 · Mar 24, 2026
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
ProLeiT Plant iT/Brewmaxx versions 9.60 and later contain privilege escalation and code execution vulnerabilities related to unsafe handling of Redis eval commands (CWE-94, CWE-416, CWE-190). An authenticated user can exploit these flaws to escalate privileges and execute arbitrary code on application servers, VisuHub components, engineering workstations, and emergency mode workstations. Successful exploitation allows an attacker to manipulate process parameters, disable safety controls, or disrupt operations in energy production and manufacturing environments.
What this means
What could happen
An authenticated attacker could exploit privilege escalation vulnerabilities to execute arbitrary code on ProLeiT Plant iT/Brewmaxx servers, potentially allowing them to modify process parameters, disable safety interlocks, or halt production in energy and manufacturing facilities.
Who's at risk
Energy and manufacturing organizations running Schneider Electric ProLeiT Plant iT/Brewmaxx version 9.60 and later should prioritize this update. This affects production planning and batch management systems in refineries, chemical plants, beverage facilities, and power generation sites where ProLeiT orchestrates recipes, scheduling, and process control.
How it could be exploited
An attacker with valid credentials to the ProLeiT application can leverage privilege escalation through use of eval commands in Redis to execute arbitrary code. The attack requires network access to the ProLeiT application server, VisuHub, or engineering workstations, and valid user credentials (administrator rights are not required). Once code execution is achieved, the attacker gains control over process logic and system configuration.
Prerequisites
- Network access to ProLeiT Plant iT/Brewmaxx application server, VisuHub, or engineering workstations on ports used by the application
- Valid user credentials for the ProLeiT application (authenticated user, not necessarily administrator)
- Redis eval commands enabled (default or misconfigured state)
- Application server, VisuHub, or engineering workstation with ProLeiT version 9.60 or later running
Remotely exploitable over network · Requires valid user credentials (low barrier) · Low complexity attack · High EPSS score (13.2% exploit probability) · Affects process control and production systems · Privilege escalation to code execution · Critical CVSS score (9.9)
Exploitability
High exploit probability (EPSS 13.2%)
Affected products (1)
Product | Affected Versions | Fix Status
ProLeiT Plant iT/Brewmaxx | ≥ 9.60 | ProLeiT-2025-001
Remediation & Mitigation
Do now
HOTFIX: Install Patch ProLeiT-2025-001 from ProLeiT Support on all ProLeiT servers and workstations
HARDENING: After patching, disable eval commands in Redis on the application server, VisuHub, engineering workstations, and emergency mode workstations
HARDENING: Force usage of secure Redis configuration templates in system settings as documented in the patch manual
HOTFIX: Restart all patched servers and workstations to apply security changes
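The "disable eval commands in Redis" step above is the one most often done incompletely: EVAL is only one of several commands that run Lua scripts or Redis Functions, and since Redis 7 an ACL rule, not rename-command, is the supported way to take them away. The Python script below is an added example, not code from the advisory, ProLeiT or Schneider Electric. It audits a redis.conf body and reports every enabled Redis user that can still reach a command in Redis's built-in @scripting category, so a weak, a half-hardened and a hardened configuration can be compared side by side. The three sample configurations are constructed; the user name plantit, the password and the assumption that the application's Redis is configured from a plain redis.conf are hypothetical, and the vendor's patch manual and configuration templates govern the real settings.

```python
"""Audit a redis.conf for reachable Lua/function scripting commands.

Added example for this advisory; not code from ProLeiT, Schneider Electric
or ICS-CERT. Assumptions: Redis is configured from a plain redis.conf, and
"disabling eval commands" means no enabled user can reach any command in
Redis's built-in @scripting ACL category. Sample configs are constructed.
"""

# Every command that submits or runs Lua scripts or Redis Functions.
# All of them belong to Redis's built-in @scripting ACL category.
SCRIPTING_COMMANDS = frozenset({
    "EVAL", "EVALSHA", "EVAL_RO", "EVALSHA_RO",
    "SCRIPT", "FUNCTION", "FCALL", "FCALL_RO",
})

# What Redis applies when redis.conf defines no `user` line at all.
DEFAULT_USER_RULES = ["on", "nopass", "~*", "&*", "+@all"]


def parse_redis_conf(text):
    """Return (renamed_away, acl_users): commands removed with
    `rename-command CMD ""`, and {user: [ACL rule tokens]} from `user` lines."""
    renamed_away = set()
    acl_users = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "rename-command" and len(parts) == 3:
            if parts[2] in ('""', "''"):        # renamed to the empty string
                renamed_away.add(parts[1].upper())
        elif directive == "user" and len(parts) >= 2:
            acl_users[parts[1]] = parts[2:]
    return renamed_away, acl_users


def allowed_scripting_commands(rules):
    """Apply ACL rule tokens left to right (later rules win) and return the
    scripting commands the user may call. Only command rules are modelled;
    key/channel patterns, passwords and selectors are ignored."""
    allowed = set()
    for tok in rules:
        t = tok.lower()
        if t in ("allcommands", "+@all", "+@scripting"):
            allowed = set(SCRIPTING_COMMANDS)
        elif t in ("nocommands", "-@all", "-@scripting"):
            allowed = set()
        elif t[:1] in ("+", "-") and t[1:].upper() in SCRIPTING_COMMANDS:
            if t[0] == "+":
                allowed.add(t[1:].upper())
            else:
                allowed.discard(t[1:].upper())
    return allowed


def audit_scripting(conf_text):
    """Return {user: [reachable scripting commands]} for every enabled user
    that can still run scripts. An empty dict means scripting is disabled."""
    renamed_away, acl_users = parse_redis_conf(conf_text)
    if not acl_users:
        acl_users = {"default": DEFAULT_USER_RULES}
    exposed = {}
    for user, rules in acl_users.items():
        if "off" in (r.lower() for r in rules):
            continue                              # user cannot authenticate
        reachable = allowed_scripting_commands(rules) - renamed_away
        if reachable:
            exposed[user] = sorted(reachable)
    return exposed


# Constructed sample 1: stock Redis with only a password; everything reachable.
WEAK_CONF = """
port 6379
requirepass app-secret
"""

# Constructed sample 2: renaming EVAL alone is a common half-measure;
# EVALSHA, FUNCTION/FCALL and the *_RO variants still run scripts.
PARTIAL_CONF = """
port 6379
requirepass app-secret
rename-command EVAL ""
"""

# Constructed sample 3: scripting removed for every user. Both techniques
# are shown; on Redis 7+ the ACL rule alone is the supported way.
HARDENED_CONF = """
port 6379
rename-command EVAL ""
rename-command EVALSHA ""
rename-command EVAL_RO ""
rename-command EVALSHA_RO ""
rename-command SCRIPT ""
rename-command FUNCTION ""
rename-command FCALL ""
rename-command FCALL_RO ""
user default off
user plantit on >app-secret ~* &* +@all -@scripting
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("partial", PARTIAL_CONF),
                       ("hardened", HARDENED_CONF)):
        print(name, audit_scripting(conf) or "scripting disabled")
```

The file audit is a pre-check only: ACL users loaded from an aclfile or added at runtime with ACL SETUSER are not seen by it, so after restarting Redis also run ACL LIST on the live instance and, from an application host, redis-cli --user plantit --pass <password> EVAL "return 1" 0; a NOPERM or unknown-command error is the expected result, and a returned value means a script-capable user is still present.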
Long-term hardening
HARDENING: Isolate ProLeiT Plant iT/Brewmaxx control system networks from business networks using firewalls
HARDENING: Implement physical access controls to prevent unauthorized personnel from accessing servers and engineering workstations running ProLeiT
HARDENING: Ensure ProLeiT servers and workstations are not directly accessible from the Internet; use VPN with multi-factor authentication for required remote access
HARDENING: Scan all removable media (USB drives, CDs) for malware before connecting to ProLeiT workstations
API:
/api/v1/advisories/23d2506d-ab7f-45d7-a109-2a82465fec15