OTPulse

Schneider Electric Software Update

Priority: Plan Patch
CVSS: 7.3
Vendor advisory: SEVD-2025-224-03
Date: Aug 12, 2025
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in Schneider Electric Software Update (SESU) version 3.0.12 and earlier, and multiple dependent applications in the EcoStruxure and Easergy product families, allows local attackers to write arbitrary data to protected system locations. Exploitation could lead to privilege escalation, file corruption, information disclosure, or denial of service. The vulnerability is present in 26 Schneider software products used for power automation, protection relay configuration, HVAC control, and machine expert programming.

What this means
What could happen
An attacker with local access to an engineering workstation or configuration system running vulnerable Schneider Electric software could write arbitrary files to protected system locations, potentially escalating privileges, corrupting application configurations, or causing persistent service outages that disrupt power grid or automation operations.
Who's at risk
Municipal utilities and industrial facilities that use Schneider Electric control and automation software, particularly energy sector operators running power distribution systems, microgrid operations, or electrical protection devices. Affected users include system integrators, automation engineers, and configuration technicians on workstations running EcoStruxure suite, Easergy protection relays, PowerLogic analytics, or other Schneider configuration tools.
How it could be exploited
An attacker with local user access to a workstation running vulnerable SESU or dependent applications (Easergy Studio, EcoStruxure suite, etc.) could exploit a path traversal or file write vulnerability to place malicious files in system directories. This could allow privilege escalation or persistence, since these tools are typically run by engineers with elevated access on critical infrastructure networks.
Prerequisites
  • Local user account on the affected workstation or configuration system
  • One of the listed vulnerable Schneider Electric software products installed and running on Windows
  • Ability to interact with the software application or file system
  • Local access required but low complexity
  • Privilege escalation possible
  • Affects multiple mission-critical configuration and engineering tools
  • Could cause denial of service to automation or monitoring systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (26)
26 with fix
Product            | Affected Versions | Fix Status
SESU               | <3.0.12           | 3.0.12
BESS ANSI          | <3.0.12           | 3.0.12
Easergy MiCOM P30  | <3.0.12           | 3.0.12
Easergy MiCOM P40  | <3.0.12           | 3.0.12
Easergy Studio     | <3.0.12           | 3.0.12
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SESU
HOTFIX: Prioritize patching SESU (Schneider Electric Software Update) first, as it may automatically update dependent products in the background if configured
All products
HOTFIX: Update all affected Schneider Electric products to version 3.0.12 or later
Long-term hardening
HARDENING: Restrict local user access to engineering workstations and configuration systems to authorized personnel only
HARDENING: Enforce the principle of least privilege for engineer workstation accounts; do not run Schneider software with unnecessary administrative rights
HARDENING: Implement file integrity monitoring on system directories and configuration folders where these tools operate
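The file integrity monitoring recommendation above can be implemented with a simple baseline-and-compare check. The script below is an added example, not code from OTPulse or Schneider Electric: it hashes every file under a directory tree with SHA-256, stores the result as a baseline, and on a later run reports files that were added, removed or modified. The directory names and file contents used in the demo are constructed for illustration; the real install and configuration paths of SESU and the dependent products are not given in the advisory and must be supplied by the operator.

```python
"""Baseline-and-compare file integrity check (added example, not vendor code).

Usage on a workstation (paths are assumptions, substitute the real ones):
    python fim.py baseline "C:\\<SESU install directory>" baseline.json
    python fim.py compare  "C:\\<SESU install directory>" baseline.json
"""
import hashlib
import json
import os
import sys
import tempfile
from pathlib import Path
from typing import Dict


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries don't load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    baseline: Dict[str, str] = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, list]:
    """Diff two baselines; unexpected entries in 'added' or 'modified' are alert material."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k] != current[k]),
    }


def save_baseline(baseline: Dict[str, str], path: Path) -> None:
    path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> Dict[str, str]:
    return json.loads(path.read_text())


def demo() -> Dict[str, list]:
    """Self-contained run: constructed directory, then a simulated unauthorized write."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "SESU"            # hypothetical install directory
        (root / "bin").mkdir(parents=True)
        (root / "bin" / "updater.exe").write_bytes(b"constructed updater bytes")
        (root / "config.xml").write_text("<config/>")
        baseline = build_baseline(root)

        # Simulate what the advisory describes: a file dropped into a protected
        # directory and a configuration file altered by a local user.
        (root / "bin" / "unexpected.dll").write_bytes(b"constructed payload stand-in")
        (root / "config.xml").write_text("<config changed='1'/>")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    if len(sys.argv) != 4 or sys.argv[1] not in ("baseline", "compare"):
        print(__doc__)
        sys.exit(2)
    mode, root, store = sys.argv[1], Path(sys.argv[2]), Path(sys.argv[3])
    if mode == "baseline":
        save_baseline(build_baseline(root), store)
    else:
        print(json.dumps(compare(load_baseline(store), build_baseline(root)), indent=2))
```

The baseline file should be stored somewhere the monitored accounts cannot write (otherwise the same local write primitive the advisory describes could be used to rewrite it), and the compare step is best run from a scheduled task under a separate service account so its alerts feed the SOC rather than the engineer's own session.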
API: /api/v1/advisories/eeba2657-163a-446d-b5fa-ac8c2feb489b