[CIVN-2025-0214] Multiple Vulnerabilities in Schneider Electric
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in Schneider Electric
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Software Affected
ATV630/650/660/680/6A0/6B0/6L0 Altivar Process Drives - All versions
ATV930/950/955/960/980/9A0/9B0/9L0/991/992/993 Altivar Process Drives - All versions
ILC992 InterLink Converter - All versions
ATV340E Altivar Machine Drives - All versions
ATV6000 Medium Voltage Altivar Process Drives - All versions
ATS490 Altivar Soft Starter - All versions
VW3A3720 & VW3A3721 Altivar Process Communication Modules - All versions
VW3A3530D ATVdPAC module - Versions prior to v25.0
Saitel DR RTU - Versions 11.06.29 and prior
Saitel DP RTU - Versions 11.06.33 and prior
Overview
Multiple vulnerabilities have been reported in Schneider Electric products which could allow an attacker to bypass security controls, access sensitive information through the victim's browser, perform cross-site scripting (XSS) attacks, execute arbitrary commands, and potentially compromise the targeted system.
Target Audience:
All organizations and individuals using the affected Schneider Electric products.
Risk Assessment:
Medium risk of cross-site scripting (XSS) in user browsers and OS command execution during authenticated SSH sessions on Saitel devices.
Impact Assessment:
Potential exposure or modification of data rendered in a victim’s browser, and possible execution of unauthorised OS commands on Saitel devices, depending on the privileges of the account used.
Description
Schneider Electric develops products and solutions for energy management and industrial automation, used across various sectors including residential, commercial, and industrial applications.
The vulnerabilities arise due to insufficient input neutralisation during web page generation (Altivar products, cross-site scripting) and improper neutralisation of special elements in BLMon commands issued during authenticated SSH sessions (Saitel RTUs, OS command injection).
Successful exploitation of these vulnerabilities could allow an attacker to bypass security controls, access sensitive information through the victim's browser, perform cross-site scripting (XSS) attacks, execute arbitrary commands, and potentially compromise the targeted system.
Solution
Apply the appropriate updates (where available) as described in the Schneider Electric advisories, or apply the mitigations they suggest:
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-252-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-252-01.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-252-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-252-02.pdf
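As an added example (not part of the CERT-In advisory or Schneider Electric's material), a small triage helper that applies the affected-version bounds from the "Software Affected" list above to an asset inventory; the product keys and inventory rows are constructed for illustration, and it deliberately distinguishes "X and prior" (inclusive) from "prior to X" (exclusive) so that a device exactly at v25.0 is not flagged while one at 11.06.29 is.

```python
import re

# Affected-version bounds copied from the advisory's "Software Affected" list.
# None = all versions affected; otherwise (limit, inclusive): inclusive=True
# means "<limit> and prior", inclusive=False means "prior to <limit>".
AFFECTED = {
    "ATV6xx Altivar Process Drive": None,
    "ATV9xx Altivar Process Drive": None,
    "ILC992 InterLink Converter": None,
    "ATV340E Altivar Machine Drive": None,
    "ATV6000 Medium Voltage Altivar Process Drive": None,
    "ATS490 Altivar Soft Starter": None,
    "VW3A3720/VW3A3721 Communication Module": None,
    "VW3A3530D ATVdPAC module": ("v25.0", False),
    "Saitel DR RTU": ("11.06.29", True),
    "Saitel DP RTU": ("11.06.33", True),
}

def parse_version(text):
    """'v25.0' -> (25, 0); '11.06.29' -> (11, 6, 29). Numeric, not lexical."""
    nums = re.findall(r"\d+", text)
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(n) for n in nums)

def compare(a, b):
    """Compare version tuples after zero-padding, so 25 == 25.0 and 11.10 > 11.9."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)

def is_affected(product, version):
    bound = AFFECTED[product]
    if bound is None:
        return True
    limit, inclusive = bound
    c = compare(parse_version(version), parse_version(limit))
    return c <= 0 if inclusive else c < 0

# Constructed sample inventory rows (hostname, product, firmware), not real assets.
INVENTORY = [
    ("rtu-01", "Saitel DR RTU", "11.06.29"),            # exactly at the "and prior" bound
    ("rtu-02", "Saitel DR RTU", "11.06.30"),            # above the listed range
    ("rtu-03", "Saitel DP RTU", "11.6.33"),             # same as 11.06.33
    ("gw-01", "VW3A3530D ATVdPAC module", "v24.3"),     # prior to v25.0
    ("gw-02", "VW3A3530D ATVdPAC module", "v25"),       # equals v25.0, not prior
    ("drv-01", "ATV6xx Altivar Process Drive", "3.1"),  # all versions listed
]

def triage(inventory=INVENTORY):
    """Return the hostnames whose firmware falls inside the advisory's affected range."""
    return [host for host, product, version in inventory if is_affected(product, version)]

if __name__ == "__main__":
    print("needs vendor fix/mitigation:", triage())
```

A version above a listed "and prior" bound is merely outside the advisory's stated range; confirm the actual fixed version against the vendor notices linked above before closing the ticket.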
Vendor Information
Schneider Electric
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-252-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-252-01.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-252-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-252-02.pdf
CVE Name
CVE-2025-7746
CVE-2025-9996
CVE-2025-9997
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003