Main Vulnerability Database Vulnerabilities #VU107644

#VU107644 Insecure Storage of Sensitive Information in Trio Q Licensed Data Radio - CVE-2025-2440

Published: April 22, 2025

Vulnerability identifier: #VU107644

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-2440

CWE-ID: CWE-922

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Trio Q Licensed Data Radio

Software vendor:
Schneider Electric

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insecure storage of sensitive information. An attacker with physical access can set the radio to factory default mode and gain access to confidential data.

Remediation

Install updates from vendor's website.

External links

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-098-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-098-02.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-25-107-01

#VU107644 Insecure Storage of Sensitive Information in Trio Q Licensed Data Radio - CVE-2025-2440

Description

Remediation

External links

Please verify you're human