PT-2025-11094 · Schneider Electric · Ecostruxure Power Automation System User Interface+2

Published

2025-03-11

Updated

2025-03-18

CVE-2025-1960

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined.

Description: A vulnerability exists due to the initialization of a resource with an insecure default, which could allow an attacker to execute unauthorized commands if the system's default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interface.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1188

Related Identifiers

BDU:2025-02540

CVE-2025-1960

Affected Products

Ecostruxure Power Automation System User Interface

Webhmi

Webhmi – Deployed With Ecostruxure Power Automation System

PT-2025-11094 · Schneider Electric · Ecostruxure Power Automation System User Interface+2

CVE-2025-1960

Weakness Enumeration

Related Identifiers

Affected Products

References · 13