CVE-2025-0327 Information

Description

CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss of Confidentiality Integrity and Availability of engineering workstation when an attacker with standard privilege modifies the executable path of the windows services. To be exploited services need to be restarted.

Reference

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-03.pdf