PT-2026-4356 · Schneider Electric · Ecostruxure Process Expert
Published 2026-01-13 · Updated 2026-01-29 · CVE-2025-13905
CVSS v4.0: 7.0 (High)
Vector: AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Schneider Electric EcoStruxure Process Expert versions prior to 2025
Description
An incorrect default permissions issue can lead to privilege escalation via a reverse shell. A local user with normal privileges can modify executable service binaries within the installation folder, potentially gaining elevated access upon service restart. This poses a risk to critical manufacturing and energy sectors.
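To check a host for the condition described above, the following added example (not vendor or advisory code) lists service binaries under an installation folder that low-privileged groups can modify. It assumes a Windows host; `$InstallRoot` is a placeholder parameter because the advisory does not give the installation path, and the helper name `Get-ServiceBinaryPath` is hypothetical.

```powershell
# Added example: flags service binaries (and their folders) under $InstallRoot
# that low-privileged groups can modify. $InstallRoot is a placeholder; the
# advisory does not state the installation path.
param([Parameter(Mandatory)] [string] $InstallRoot)

# Well-known SIDs of broad, non-administrative groups.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow replacing a binary or rewriting its ACL.
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
# Raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits, which Get-Acl can return unmapped.
$genericMask = 0x50000000

# Hypothetical helper: extract the executable path from a service command line.
function Get-ServiceBinaryPath([string] $PathName) {
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

$root = (Resolve-Path -LiteralPath $InstallRoot).Path.TrimEnd('\') + '\'

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc = $_
    $exe = Get-ServiceBinaryPath $svc.PathName
    if (-not $exe -or -not $exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return }
    # Check the binary and its parent folder: write access to the folder also permits replacement.
    foreach ($target in @($exe, (Split-Path -Parent $exe))) {
        if (-not (Test-Path -LiteralPath $target)) { continue }
        foreach ($rule in (Get-Acl -LiteralPath $target).Access) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            try { $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
            catch { continue }   # unresolvable identity, skip
            $rights = [int]$rule.FileSystemRights
            if ($lowPrivSids.ContainsKey($sid) -and ($rights -band ([int]$writeMask -bor $genericMask))) {
                [pscustomobject]@{
                    Service = $svc.Name; RunsAs = $svc.StartName; Path = $target
                    Principal = $lowPrivSids[$sid]; Rights = $rule.FileSystemRights
                }
            }
        }
    }
}
```

Any row returned is a service whose binary or folder a standard user can alter; an empty result after updating indicates the permissions no longer allow it.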
Recommendations
Update to version 2025.
Apply application whitelisting.
Fix
LPE
Incorrect Default Permissions
Affected Products
Ecostruxure Process Expert