ID

VAR-202503-0471


CVE

CVE-2025-0813


TITLE

Schneider Electric EcoStruxure Power Automation System User Interface Authorization Issue Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-12361

DESCRIPTION

CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to reboot the workstation and interrupt the normal boot process. Schneider Electric EcoStruxure Power Automation System User Interface is user interface software for power automation systems developed by Schneider Electric of France. Operators use it to interact with power automation systems to improve operational efficiency. Schneider Electric EcoStruxure Power Automation System User Interface has an authorization vulnerability. The vulnerability is caused by improper authentication.

Trust: 1.44

sources: NVD: CVE-2025-0813 // CNVD: CNVD-2025-12361

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12361

AFFECTED PRODUCTS

vendor: schneider
model: electric schneider electric ecostruxure power automation system user interface
scope: gte
version: v2.1,<=v2.9

Trust: 0.6

sources: CNVD: CNVD-2025-12361

CVSS

SEVERITY

cybersecurity@se.com: CVE-2025-0813
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-12361
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-12361
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cybersecurity@se.com: CVE-2025-0813
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-12361 // NVD: CVE-2025-0813

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.0

sources: NVD: CVE-2025-0813

PATCH

title: Patch for Schneider Electric EcoStruxure Power Automation System User Interface Authorization Issue Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/696116

Trust: 0.6

sources: CNVD: CNVD-2025-12361

EXTERNAL IDS

db: NVD, id: CVE-2025-0813

Trust: 1.6

db: SCHNEIDER, id: SEVD-2025-070-02

Trust: 1.6

db: CNVD, id: CNVD-2025-12361

Trust: 0.6

sources: CNVD: CNVD-2025-12361 // NVD: CVE-2025-0813

REFERENCES

url: https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-070-02&p_endoctype=security+and+safety+notice&p_file_name=sevd-2025-070-02.pdf

Trust: 1.6

sources: CNVD: CNVD-2025-12361 // NVD: CVE-2025-0813

SOURCES

db: CNVD, id: CNVD-2025-12361
db: NVD, id: CVE-2025-0813

LAST UPDATE DATE

2025-06-15T23:44:08.784000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-12361, date: 2025-06-13T00:00:00
db: NVD, id: CVE-2025-0813, date: 2025-03-12T16:15:20.183

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-12361, date: 2025-06-12T00:00:00
db: NVD, id: CVE-2025-0813, date: 2025-03-12T16:15:20.183