CVE-2025-1960
Published: 12 March 2025
Description
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Security Summary
CVE-2025-1960 is a CWE-1188 vulnerability involving the initialization of a resource with an insecure default, affecting systems where default password credentials have not been changed upon first use. This flaw enables an attacker to execute unauthorized commands and includes an issue where the default username is not displayed correctly in the WebHMI interface. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.
Any remote attacker with network access can exploit this vulnerability without authentication or user interaction, provided the system's default credentials remain unchanged. Successful exploitation allows the attacker to execute unauthorized commands on the affected system, potentially leading to full compromise including data exfiltration, modification, or disruption.
For mitigation details, security practitioners should refer to the Schneider Electric security advisory SEVD-2025-070-03 available at https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-070-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-070-03.pdf.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly stems from insecure default credentials (CWE-1188) that have not been changed, enabling remote unauthenticated access and command execution on a public-facing WebHMI interface.