OTPulse

EcoStruxure™ Panel Server

Monitor | CVSS 6 | SEVD-2025-070-01 | Mar 11, 2025
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

EcoStruxure™ Panel Server versions 2.0 and earlier fail to properly protect sensitive information stored on the device. This allows an attacker with high-privilege local or remote access to read and disclose credentials and configuration data. The vulnerability could expose credentials needed to access downstream edge control applications or cloud services integrated with the gateway. Version V2.1 or later includes a fix.

What this means
What could happen
An attacker with high-level local access could read sensitive information stored on the Panel Server, including credentials and configuration data, potentially compromising downstream systems or cloud applications that rely on this gateway.
Who's at risk
Energy utilities and industrial facilities using Schneider Electric's EcoStruxure™ Panel Server as an edge gateway to connect control systems and cloud platforms. This affects organizations relying on the gateway for secure data exchange between operational technology networks and enterprise systems.
How it could be exploited
An attacker with administrative or high-privilege local access to the Panel Server could extract sensitive data from the device's memory or storage due to improper information protection. This requires either physical access to the device or remote access with high-privilege credentials already compromised.
Prerequisites
  • High-privilege account credentials (administrative user)
  • Local or remote access to the Panel Server management interface
  • Knowledge of device configuration and credential storage mechanisms
  • Credential exposure risk
  • Requires high-privilege access to exploit
  • Affects cloud integration path
  • No active exploitation reported
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
EcoStruxure™ Panel Server | ≤ 2.0 | V2.1
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade EcoStruxure™ Panel Server firmware to version V2.1 or later
HOTFIX: Upgrade EcoStruxure™ Power Commission Software to version 2.33.0 or later to support the new Panel Server firmware
Long-term hardening
HARDENING: Restrict administrative access to the Panel Server to authorized personnel only; enforce strong authentication for high-privilege accounts
HARDENING: Implement network segmentation to limit local and remote access to the Panel Server to trusted networks and workstations
EcoStruxure™ Panel Server | CVSS 6 - OTPulse