CNNVD-202508-2374 Information
CNNVD ID
CNNVD-202508-2374
Related CVE
- CNNVD Published: 2025-08-20
Description (Chinese)
Schneider Electric EcoStruxure Building Operation Enterprise Server和Schneider Electric EcoStruxure Enterprise Server都是法国施耐德电气(Schneider Electric)公司的产品。Schneider Electric EcoStruxure Building Operation Enterprise Server是一个企业级楼宇控制系统。该系统以计算机网络为基础、软件为核心,结合智能建筑的工程建设的经验将楼宇中各个具有完整功能的独立分系统组合成一个有机的整体。Schneider Electric EcoStruxure Enterprise Server是一款智能楼宇系统的核心。 Schneider Electric EcoStruxure Building Operation Enterprise Server和Schneider Electric EcoStruxure Enterprise Server存在安全漏洞,该漏洞源于敏感信息暴露,可能导致未经授权访问凭据数据。
Description (English)
Schneider Electric EcoStruxure Building Operation Enterprise Server and Schneider EcoStruxure Server are products of Schneider Electric, France. Schneider Electric EcoStruxure Building Operation Enterprise Server is an enterprise-level building control system. Based on a computer network, with software at its core, the system combines a fully functional and independent subsystem of the building into an organic whole in the light of the experience of engineering in intelligent buildings. Schneider Electric EcoStruxure Enterprise Server is at the heart of a smart building system. There is a security loophole between Schneider Electric EcoStruxure Building Operations Enterprise Server and Schneider EcoStruxure Enterprise Server, which stems from the exposure of sensitive information and may lead to unauthorized access to supporting data.
Hazard Level
Critical
Vulnerability Type
信息泄露
Affected Vendor
施耐德电气。
Published
2025-08-20
Last Modified
2026-02-24
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-04.pdf https://nvd.nist.gov/vuln/detail/CVE-2025-8448
Patch
https://www.se.com/us/en/product-range/62111-ecostruxure-building-operation-software/#overview
Share on: