PT-2025-6780 · Schneider Electric · EcoStruxure Process Expert

Published: 2025-02-13 · Updated: 2025-02-18 · CVE-2025-0327

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: EcoStruxure Process Expert version 2020R2

Description: The issue is related to improper privilege management, affecting two services, one of which manages audit trail data and the other acts as a server managing client requests. This could lead to a loss of confidentiality, integrity, and availability of the engineering workstation if an attacker with standard privileges modifies the executable path of the Windows services. The services need to be restarted for the issue to be exploited.

Recommendations: For EcoStruxure Process Expert version 2020R2, consider disabling the modification of executable paths for Windows services until a patch is available. Restrict access to the services managing audit trail data and client requests to minimize the risk of exploitation. As a temporary workaround, avoid restarting the affected services until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
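One way to audit the access restriction recommended above, as an added example that is not part of the advisory or of Schneider Electric's guidance: it parses the security descriptor that `sc.exe sdshow <service>` prints and reports allow ACEs that give standard-user principals rights sufficient to change a service's configuration. The advisory does not name the two services or say how the path becomes writable, so the service names and SDDL strings below are constructed placeholders, and checking the service DACL is an assumption about where to look.

```python
import re

# SDDL right codes (as printed by `sc.exe sdshow <service>`) that allow changing
# the service binary path, directly or by first rewriting the DACL or owner.
RISKY_CODES = {"DC": "SERVICE_CHANGE_CONFIG", "WD": "WRITE_DAC",
               "WO": "WRITE_OWNER", "GA": "GENERIC_ALL", "GW": "GENERIC_WRITE"}
RISKY_MASKS = {0x2: "SERVICE_CHANGE_CONFIG", 0x40000: "WRITE_DAC",
               0x80000: "WRITE_OWNER", 0x10000000: "GENERIC_ALL",
               0x40000000: "GENERIC_WRITE"}
# Principals that include standard (non-admin) users: Everyone, Authenticated
# Users, BUILTIN\Users, Interactive, as SDDL aliases and as literal SIDs.
LOW_PRIV = {"WD", "AU", "BU", "IU", "S-1-1-0", "S-1-5-11", "S-1-5-32-545", "S-1-5-4"}

def risky_aces(sddl):
    """Return [(sid, [rights])] for allow ACEs granting risky rights to low-priv SIDs."""
    start = sddl.find("D:")
    if start < 0:
        return []
    dacl = sddl[start:].split("S:", 1)[0]  # drop the SACL: audit ACEs grant nothing
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":  # allow ACEs only; deny ACEs not modelled
            continue
        rights, sid = fields[2], fields[5]
        if sid not in LOW_PRIV:
            continue
        if rights.lower().startswith("0x"):      # numeric access mask form
            mask = int(rights, 16)
            hits = [name for bit, name in RISKY_MASKS.items() if mask & bit]
        else:                                    # two-letter codes: split in pairs, never substring-match
            codes = [rights[i:i + 2] for i in range(0, len(rights), 2)]
            hits = [RISKY_CODES[c] for c in codes if c in RISKY_CODES]
        if hits:
            findings.append((sid, hits))
    return findings

# Constructed sample descriptors; the service names are hypothetical placeholders.
SAMPLES = {
    "ExampleAuditTrailSvc": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                            "(A;;CCDCLCSWRPLOCRRC;;;AU)",
    "ExampleServerSvc": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                        "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, risky_aces(sddl) or "no risky ACEs for standard users")
```

A non-empty result means the service's DACL should be tightened so that only administrators and SYSTEM hold those rights.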

Improper Privilege Management

Weakness Enumeration

Related Identifiers: CVE-2025-0327

Affected Products: EcoStruxure Process Expert