Vulnerability-Lookup

CERTFR-2026-AVI-0566

Vulnerability from certfr_avis - Published: 2026-05-12 - Updated: 2026-05-12

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	EcoStruxure Power Automation System Gateway (EPAS-GTW) versions antérieures ou égales à 6.4.616.200.100
Schneider Electric	N/A	Easergy MiCOM P532 vers:generic/ versions antérieures ou égales à P532.678.700 pour la vulnérabilité CVE-2026-4827
Schneider Electric	N/A	EcoStruxure Process Expert 2023 versions antérieures à 4.8.0.5715
Schneider Electric	N/A	Easergy MiCOM P634 versions antérieures à P634.680.700
Schneider Electric	N/A	EcoStruxure Panel Server PAS800V2 versions antérieures ou égales à 002.005.000
Schneider Electric	N/A	Easergy MiCOM P138 vers:generic/ versions antérieures ou égales à P138.677.700
Schneider Electric	N/A	Easergy MiCOM P40 Series toutes versions pour la vulnérabilité CVE-2026-4827
Schneider Electric	N/A	Easergy MiCOM P631 vers:generic/ versions antérieures ou égales à P631.678.700 pour la vulnérabilité CVE-2026-4827
Schneider Electric	N/A	Easergy MiCOM P638 vers:generic/ versions antérieures ou égales à P638.677.700 pour la vulnérabilité CVE-2026-4827
Schneider Electric	N/A	EcoStruxure Process Expert for AVEVA System Platform versions antérieures à 2023
Schneider Electric	N/A	Easergy MiCOM P632 vers:generic/ versions antérieures ou égales à P632.678.700
Schneider Electric	N/A	EcoStruxure Power Automation System User Interface (EPAS-UI) versions antérieures ou égales à 3.0.3 pour la vulnérabilité CVE-2026-4827
Schneider Electric	N/A	Easergy MiCOM P539 vers:generic/ versions antérieures ou égales à P539.678.700
Schneider Electric	N/A	Easergy MiCOM P634 vers:generic/ versions antérieures ou égales à P634.678.700
Schneider Electric	N/A	Easergy MiCOM P436 vers:generic/ versions antérieures ou égales à P436.677.701 pour la vulnérabilité CVE-2026-4827
Schneider Electric	N/A	Easergy MiCOM C264 vers:generic/ versions antérieures ou égales à D7.33
Schneider Electric	N/A	Easergy MiCOM P439 vers:generic/ versions antérieures ou égales à P439.678.700
Schneider Electric	N/A	EcoStruxure Panel Server PAS600 versions antérieures ou égales à 002.005.000
Schneider Electric	N/A	Easergy C5 versions antérieures ou égales à 1.1.17
Schneider Electric	N/A	Easergy MiCOM P139 vers:generic/ versions antérieures ou égales à P139.678.700 pour la vulnérabilité CVE-2026-4827
Schneider Electric	N/A	Easergy MiCOM P437 vers:generic/ versions antérieures ou égales à P437.678.700 pour la vulnérabilité CVE-2026-4827
Schneider Electric	N/A	Easergy MiCOM P438 vers:generic/ versions antérieures ou égales à P438.677.701 pour la vulnérabilité CVE-2026-4827
Schneider Electric	N/A	EcoStruxure Panel Server PAS400 versions antérieures ou égales à 002.005.000
Schneider Electric	N/A	EcoStruxure Panel Server PAS600V2 versions antérieures ou égales à 002.005.000
Schneider Electric	N/A	Easergy MiCOM C434 vers:generic/ versions antérieures ou égales à C434.679.700
Schneider Electric	N/A	Ecostruxure Machine Expert HVAC versions antérieures à 1.10.0
Schneider Electric	N/A	EcoStruxure Process Expert versions antérieures à 2020 R2 pour la vulnérabilité CVE-2025-0327
Schneider Electric	N/A	EcoStruxure Process Expert for AVEVA System Platform versions antérieures à 2021
Schneider Electric	N/A	Easergy MiCOM P633 versions antérieures à P633.680.700
Schneider Electric	N/A	EcoStruxure Process Expert for AVEVA System Platform versions antérieures à 2020 R2
Schneider Electric	N/A	EcoStruxure Power Operation vers:generic/ versions antérieures ou égales à 2024 CU2
Schneider Electric	N/A	EcoStruxure Power Operation vers:generic/ versions antérieures ou égales à 2022 CU6
Schneider Electric	N/A	Easergy MiCOM P633 vers:generic/ versions antérieures ou égales à P633.678.700
Schneider Electric	N/A	EcoStruxure Panel Server PAS800 versions antérieures ou égales à 002.005.000
Schneider Electric	N/A	EcoStruxure Process Expert versions antérieures à 2021 pour la vulnérabilité CVE-2025-0327

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2026-132-02	2026-05-12	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2026-132-04	2026-05-12	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2025-042-03	2026-05-12	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2026-132-01	2026-05-12	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "EcoStruxure Power Automation System Gateway (EPAS-GTW) versions ant\u00e9rieures ou \u00e9gales \u00e0 6.4.616.200.100",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P532 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 P532.678.700 pour la vuln\u00e9rabilit\u00e9 CVE-2026-4827",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert 2023 versions ant\u00e9rieures \u00e0 4.8.0.5715",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P634 versions ant\u00e9rieures \u00e0 P634.680.700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Panel Server PAS800V2 versions ant\u00e9rieures ou \u00e9gales \u00e0 002.005.000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P138 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 P138.677.700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P40 Series toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2026-4827",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P631 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 P631.678.700 pour la vuln\u00e9rabilit\u00e9 CVE-2026-4827",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P638 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 P638.677.700 pour la vuln\u00e9rabilit\u00e9 CVE-2026-4827",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert for AVEVA System Platform versions ant\u00e9rieures \u00e0 2023",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P632 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 P632.678.700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Power Automation System User Interface (EPAS-UI) versions ant\u00e9rieures ou \u00e9gales \u00e0 3.0.3 pour la vuln\u00e9rabilit\u00e9 CVE-2026-4827",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P539 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 P539.678.700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P634 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 P634.678.700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P436 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 P436.677.701 pour la vuln\u00e9rabilit\u00e9 CVE-2026-4827",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM C264 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 D7.33",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P439 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 P439.678.700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Panel Server PAS600 versions ant\u00e9rieures ou \u00e9gales \u00e0 002.005.000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy C5 versions ant\u00e9rieures ou \u00e9gales \u00e0 1.1.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P139 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 P139.678.700 pour la vuln\u00e9rabilit\u00e9 CVE-2026-4827",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P437 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 P437.678.700 pour la vuln\u00e9rabilit\u00e9 CVE-2026-4827",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P438 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 P438.677.701 pour la vuln\u00e9rabilit\u00e9 CVE-2026-4827",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Panel Server PAS400 versions ant\u00e9rieures ou \u00e9gales \u00e0 002.005.000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Panel Server PAS600V2 versions ant\u00e9rieures ou \u00e9gales \u00e0 002.005.000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM C434 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 C434.679.700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Ecostruxure Machine Expert HVAC versions ant\u00e9rieures \u00e0 1.10.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 2020 R2 pour la vuln\u00e9rabilit\u00e9 CVE-2025-0327",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert for AVEVA System Platform versions ant\u00e9rieures \u00e0 2021",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P633 versions ant\u00e9rieures \u00e0 P633.680.700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert for AVEVA System Platform versions ant\u00e9rieures \u00e0 2020 R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Power Operation vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 2024 CU2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Power Operation vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 2022 CU6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easergy MiCOM P633 vers:generic/ versions ant\u00e9rieures ou \u00e9gales \u00e0 P633.678.700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Panel Server PAS800 versions ant\u00e9rieures ou \u00e9gales \u00e0 002.005.000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 2021 pour la vuln\u00e9rabilit\u00e9 CVE-2025-0327",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-6866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6866"
    },
    {
      "name": "CVE-2025-0327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0327"
    },
    {
      "name": "CVE-2026-4827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4827"
    },
    {
      "name": "CVE-2026-6332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6332"
    }
  ],
  "initial_release_date": "2026-05-12T00:00:00",
  "last_revision_date": "2026-05-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0566",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-05-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Schneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2026-132-02",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2026-132-02.pdf"
    },
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2026-132-04",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2026-132-04.pdf"
    },
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2025-042-03",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-042-03.pdf"
    },
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2026-132-01",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2026-132-01.pdf"
    }
  ]
}

CVE-2025-0327 (GCVE-0-2025-0327)

Vulnerability from cvelistv5 – Published: 2025-02-13 06:20 – Updated: 2025-02-13 14:56

Summary

CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when an attacker with standard privilege modifies the executable path of the windows services. To be exploited, services need to be restarted.

Severity ?

8.5 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-269 - Improper Privilege Management

Assigner

schneider

References

URL

Tags

https://download.schneider-electric.com/files?p_D…

Impacted products

Vendor

Product

Version

Schneider Electric

EcoStruxure Process Expert

Affected: Versions 2020R2
Affected: Versions 2021 & 2023 (prior to v4.8.0.5715)

Schneider Electric

EcoStruxure Process Expert for AVEVA System Platform

Affected: Versions 2020R2
Affected: Versions 2021 & 2023

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0327",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T14:55:58.362547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-13T14:56:12.017Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Process Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 2020R2"
            },
            {
              "status": "affected",
              "version": "Versions  2021 \u0026 2023 (prior to v4.8.0.5715)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Process Expert for AVEVA System Platform",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 2020R2"
            },
            {
              "status": "affected",
              "version": "Versions  2021 \u0026 2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit\ntrail data and the other acting as server managing client request) that could cause a loss of Confidentiality,\nIntegrity and Availability of engineering workstation when an attacker with standard privilege modifies the\nexecutable path of the windows services. To be exploited, services need to be restarted.\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit\ntrail data and the other acting as server managing client request) that could cause a loss of Confidentiality,\nIntegrity and Availability of engineering workstation when an attacker with standard privilege modifies the\nexecutable path of the windows services. To be exploited, services need to be restarted."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-13T06:20:26.852Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-042-03.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2025-0327",
    "datePublished": "2025-02-13T06:20:26.852Z",
    "dateReserved": "2025-01-08T13:34:15.419Z",
    "dateUpdated": "2025-02-13T14:56:12.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2026-AVI-0566

Solutions

CVE-2025-0327 (GCVE-0-2025-0327)

Tags

Sightings

Nomenclature