Main Vulnerability Database Vulnerabilities #VU105861

Improper Authentication in EcoStruxure Power Automation System User Interface (EPAS-UI) - CVE-2025-0813

Published: March 19, 2025

Vulnerability identifier: #VU105861

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-0813

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Schneider Electric

Affected software:
EcoStruxure Power Automation System User Interface (EPAS-UI)

Detailed vulnerability description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to an error when processing authentication requests. An attacker with physical access can bypass authentication process and gain unauthorized access to the application.

How to mitigate CVE-2025-0813

Install updates from vendor's website.

Sources

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-070-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-070-02.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-01

Improper Authentication in EcoStruxure Power Automation System User Interface (EPAS-UI) - CVE-2025-0813

Detailed vulnerability description

How to mitigate CVE-2025-0813

Sources

Please verify you're human