Main Vulnerability Database Vulnerabilities #VU107644

Insecure Storage of Sensitive Information in Trio Q Licensed Data Radio - CVE-2025-2440

Published: April 22, 2025

Vulnerability identifier: #VU107644

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-2440

CWE-ID: CWE-922

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Schneider Electric

Affected software:
Trio Q Licensed Data Radio

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insecure storage of sensitive information. An attacker with physical access can set the radio to factory default mode and gain access to confidential data.

How to mitigate CVE-2025-2440

Install updates from vendor's website.

Sources

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-098-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-098-02.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-25-107-01

Insecure Storage of Sensitive Information in Trio Q Licensed Data Radio - CVE-2025-2440

Detailed vulnerability description

How to mitigate CVE-2025-2440

Sources

Please verify you're human