Main Vulnerability Database Vulnerabilities #VU105861

#VU105861 Improper Authentication in EcoStruxure Power Automation System User Interface (EPAS-UI) - CVE-2025-0813

Published: March 19, 2025

Vulnerability identifier: #VU105861

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-0813

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
EcoStruxure Power Automation System User Interface (EPAS-UI)

Software vendor:
Schneider Electric

Description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to an error when processing authentication requests. An attacker with physical access can bypass authentication process and gain unauthorized access to the application.

Remediation

Install updates from vendor's website.

External links

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-070-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-070-02.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-01

#VU105861 Improper Authentication in EcoStruxure Power Automation System User Interface (EPAS-UI) - CVE-2025-0813

Description

Remediation

External links

Please verify you're human