CNNVD-202601-4913 Information
CNNVD ID
CNNVD-202601-4913
Related CVE
- CNNVD Published: 2026-01-29
Description (Chinese)
Schneider Electric EcoStruxure Process Expert是法国施耐德电气(Schneider Electric)公司的一个用于设计、操作和维护整个工厂的下一代过程自动化系统。 Schneider Electric EcoStruxure Process Expert存在安全漏洞,该漏洞源于默认权限不正确,可能导致本地用户在服务重启时修改安装文件夹中的可执行服务二进制文件,从而通过反向shell进行权限提升。
Description (English)
Schneider Electric EcoStruxure Production Express is a next-generation process automation system for the design, operation and maintenance of the entire plant by Schneider Electric of France. There is a security loophole in Schneider Electric EcoStruxure Production Express, which stems from the incorrect default permission, which may lead local users to modify and install the executable binary file in the folder when the service is restarted, thereby enhancing the privileges by reverse shell.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
施耐德电气。
Published
2026-01-29
Last Modified
2026-02-24