CVE-2025-0327
Published: 13 February 2025
Description
CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when an attacker with standard privilege modifies the executable path of the windows services. To be exploited, services need to be restarted.
Security Summary
CVE-2025-0327 is a CWE-269 improper privilege management vulnerability affecting two Windows services on engineering workstations from Schneider Electric. One service manages audit trail data, while the other functions as a server handling client requests. Published on 2025-02-13, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to significant impacts on confidentiality, integrity, and availability.
A local attacker with standard low privileges can exploit the vulnerability by modifying the executable path of the affected services. Exploitation requires restarting the services, after which the attacker can achieve a loss of confidentiality, integrity, and availability on the engineering workstation, potentially allowing arbitrary code execution or full system compromise under the services' context.
Schneider Electric has issued security notice SEVD-2025-042-03, available at https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-03.pdf, which provides details on the vulnerability and recommended mitigations.
Details
- CWE(s)