ConneXium Network Manager Software
Monitor7.8SEVD-2025-098-01Apr 8, 2025
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary
Schneider Electric ConneXium Network Manager contains vulnerabilities in input validation (CWE-20) and file/data access (CWE-552) that could allow an attacker with local access to an engineering workstation to disclose sensitive configuration data, escalate privileges through man-in-the-middle attacks, trigger denial of service, or execute remote code. The software is used to configure and monitor Schneider Electric administrable devices including switches, routers, firewalls, and Wi-Fi infrastructure. No vendor patch is currently available for affected versions (v2.0.01 and all other versions).
What this means
What could happen
An attacker with local access to an engineering workstation running ConneXium Network Manager could disclose sensitive configuration data, escalate privileges via man-in-the-middle attacks, or execute arbitrary code on the workstation—potentially allowing them to modify settings on critical network infrastructure devices like switches, routers, and firewalls.
Who's at risk
This affects anyone managing Schneider Electric network infrastructure devices—switches, routers, firewalls, and Wi-Fi devices—using ConneXium Network Manager. Your engineering and IT teams who use this software are most at risk, particularly those who manage your municipal electric distribution network, water treatment plant networks, or SCADA remote terminal units through it.
How it could be exploited
An attacker needs local access to a workstation running ConneXium Network Manager, typically by tricking a user into opening a malicious file or accessing a compromised website (CWE-552 indicates an insecure file permissions or data exposure vector). Once they have local execution context, they can exploit CWE-20 (improper input validation) to execute code or conduct a man-in-the-middle attack against the manager software's communications with network devices.
Prerequisites
- Local access to an engineering workstation running ConneXium Network Manager
- User interaction to trigger the vulnerability (e.g., opening a file or link)
- ConneXium Network Manager v2.0.01 or other affected versions installed
No patch availableLocal attack required but user interaction may be low barrierAffects engineering workstations with control system network accessLow EPSS score (0.2%) but high potential impactInput validation weakness (CWE-20)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 EOL
ProductAffected VersionsFix Status
ConneXium Network Manager All versionsAll versionsNo fix (EOL)
ConneXium Network Manager v2.0.012.0.01No fix (EOL)
Remediation & Mitigation
0/7
Do now
0/4HARDENINGRestrict physical access to controllers and ensure they are locked and never left in 'Program' mode
HARDENINGNever connect ConneXium Network Manager or other programming software to networks other than the intended control system network
HARDENINGScan all removable media (USB drives, CDs) with antivirus before connecting to the isolated network or any node connected to it
HARDENINGPrevent unauthorized mobile devices from connecting to safety or control networks without proper sanitation and verification
Mitigations - no patch available
0/3The following products have reached End of Life with no planned fix: ConneXium Network Manager All versions, ConneXium Network Manager v2.0.01. Apply the following compensating controls:
HARDENINGIsolate control and safety system networks behind firewalls and separate them from the business network to limit the reach of a compromised engineering workstation
HARDENINGEnsure control system devices are not accessible from the Internet and minimize network exposure
HARDENINGUse secure remote access methods such as Virtual Private Networks (VPNs) when remote engineering access is required, keeping VPN software patched to the latest version
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/e24bf497-0346-49fe-9a6b-9524b89ce14f