Main Vulnerability Database Vulnerabilities #VU107654

Insecure Default Initialization of Resource in Trio Q Licensed Data Radio - CVE-2025-2442

Published: April 22, 2025

Vulnerability identifier: #VU107654

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-2442

CWE-ID: CWE-1188

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Schneider Electric

Affected software:
Trio Q Licensed Data Radio

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insecure default initialization of resource. An attacker with physical access can set the radio to factory default mode and execute arbitrary code on the system.

How to mitigate CVE-2025-2442

Install updates from vendor's website.

Sources

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-098-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-098-02.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-25-107-01

Insecure Default Initialization of Resource in Trio Q Licensed Data Radio - CVE-2025-2442

Detailed vulnerability description

How to mitigate CVE-2025-2442

Sources

Please verify you're human