1. EXECUTIVE SUMMARY
- CVSS v3 6.7
- ATTENTION: Low Attack Complexity
- Vendor: Schneider Electric
- Equipment: Saitel DR RTU, Saitel DP RTU
- Vulnerability: Improper Privilege Management
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated attacker to escalate privileges, potentially leading to arbitrary code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports that the following products are affected:
- Schneider Electric Saitel DR RTU: versions 11.06.29 and prior
- Schneider Electric Saitel DP RTU: versions 11.06.34 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269
An improper privilege management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts.
CVE-2025-8453 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Communications, Critical Manufacturing, Energy, Transportation Systems
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: France
3.4 RESEARCHER
Robin Senn and Sebastian Krause of GAI NetConsult GmbH reported this vulnerability to Schneider Electric.
Schneider Electric reported this vulnerability to CISA.
4. MITIGATIONS<
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from All CISA Advisories
Read the original article:
Read the original article: