CyberSecurityBoard
Sponsor Register Login

CISA | ICS Advisory (ICSA-25-273-04) Schneider Electric EcoStruxure Control Expert Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory (ICSA-25-273-04) regarding multiple vulnerabilities found in Schneider Electric's EcoStruxure Control Expert software. These vulnerabilities could allow an attacker to execute arbitrary code, cause denial of service, or escalate privileges, potentially impacting industrial control systems (ICS) that rely on this software. The advisory highlights the critical nature of these security flaws and urges organizations using EcoStruxure Control Expert to apply the recommended patches and mitigations promptly to protect their operational technology environments. Schneider Electric's EcoStruxure Control Expert is widely used in industrial environments to manage and automate control processes. The identified vulnerabilities pose significant risks, including unauthorized access and control over critical infrastructure components. CISA's advisory provides detailed information on the vulnerabilities, affected versions, and remediation steps. It also emphasizes the importance of maintaining up-to-date software and following best cybersecurity practices to mitigate potential exploitation. This advisory serves as a crucial alert for ICS operators, cybersecurity professionals, and stakeholders in sectors such as energy, manufacturing, and utilities. By addressing these vulnerabilities swiftly, organizations can prevent potential disruptions and safeguard their critical infrastructure from cyber threats. The collaboration between CISA and Schneider Electric underscores the ongoing commitment to enhancing the security posture of industrial control systems. In conclusion, the CISA advisory on Schneider Electric EcoStruxure Control Expert vulnerabilities is a vital resource for ensuring the resilience and security of industrial environments. Organizations are encouraged to review the advisory thoroughly, implement the recommended security measures, and stay vigilant against emerging threats in the ICS landscape.

This Cyber News was published on www.cisa.gov. Publication date: Tue, 30 Sep 2025 16:15:13 +0000


Cyber News related to CISA | ICS Advisory (ICSA-25-273-04) Schneider Electric EcoStruxure Control Expert Vulnerabilities

CISA | ICS Advisory (ICSA-25-273-04) Schneider Electric EcoStruxure Control Expert Vulnerabilities - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory (ICSA-25-273-04) regarding multiple vulnerabilities found in Schneider Electric's EcoStruxure Control Expert software. These vulnerabilities could allow an attacker to ...
1 week ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364 CVE-2023-34365
ICS Advisory (ICSA-25-275-02) Schneider Electric EcoStruxure Control Expert Multiple Vulnerabilities - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory (ICSA-25-275-02) regarding multiple vulnerabilities found in Schneider Electric's EcoStruxure Control Expert software. These vulnerabilities could allow an attacker to ...
1 week ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364 CVE-2023-34365
ICS Advisory (ICSA-25-238-03) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems (ICS) advisory, ICSA-25-238-03, addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers ...
1 month ago Cisa.gov CVE-2023-34362 CVE-2023-34363
ICS Advisory (ICSA-25-254-04) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued ICS Advisory ICSA-25-254-04 addressing critical vulnerabilities in Schneider Electric's EcoStruxure Control Expert software. These vulnerabilities could allow remote attackers to ...
4 weeks ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364 CVE-2023-34365
ICS Advisory (ICSA-25-273-05) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems (ICS) advisory, ICSA-25-273-05, addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers ...
1 week ago Cisa.gov CVE-2023-34362 CVE-2023-34363
ICS Advisory (ICSA-25-254-07) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released ICS Advisory ICSA-25-254-07 addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers (PLCs). These vulnerabilities could ...
4 weeks ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364 CVE-2023-34365 CVE-2023-34366
ICS Advisory (ICSA-25-273-07) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released an important Industrial Control Systems (ICS) advisory, ICSA-25-273-07, addressing critical vulnerabilities in Schneider Electric's Modicon M340 Programmable Logic Controllers ...
1 week ago Cisa.gov CVE-2023-34362 CVE-2023-34363
ICS Advisory (ICSA-25-273-03) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems (ICS) advisory, ICSA-25-273-03, addressing critical vulnerabilities in specific ICS products. This advisory highlights the importance of timely ...
1 week ago Cisa.gov CVE-2023-27303
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
1 year ago Securelist.com
ICS Advisory (ICSA-25-254-08) Schneider Electric EcoStruxure Control Expert and Modicon M580 Controllers Multiple Vulnerabilities - The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory concerning multiple vulnerabilities found in Schneider Electric's EcoStruxure Control Expert and Modicon M580 Controllers. These vulnerabilities could potentially ...
4 weeks ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364 CVE-2023-34365
ICS Advisory (ICSA-25-282-01) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released an important Industrial Control Systems (ICS) advisory, ICSA-25-282-01, addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic ...
16 hours ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364
Energy giant Schneider Electric hit by Cactus ransomware attack - Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. BleepingComputer has learned that the ransomware attack hit the ...
1 year ago Bleepingcomputer.com Cactus
ICS Advisory (ICSA-25-266-04) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) advisory, ICSA-25-266-04, addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers ...
2 weeks ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364
ICS Advisory (ICSA-25-261-07) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory, ICSA-25-261-07, addressing critical vulnerabilities in industrial control systems (ICS). This advisory highlights significant security risks that could potentially ...
3 weeks ago Cisa.gov CVE-2023-3519 CVE-2023-3520
ICS Advisory (ICSA-25-259-02) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory (ICSA-25-259-02) addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers (PLCs). These vulnerabilities could ...
3 weeks ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364
ICS Advisory (ICSA-25-252-03) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems (ICS) advisory, ICSA-25-252-03, addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers ...
1 month ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364
CVE-2022-25155 - Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...
2 years ago
ICS Advisory (ICSA-25-273-02) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems (ICS) advisory, ICSA-25-273-02, addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers ...
1 week ago Cisa.gov CVE-2023-34362 CVE-2023-34363
ICS Advisory (ICSA-25-261-03) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released an important Industrial Control Systems (ICS) advisory, ICSA-25-261-03, addressing critical vulnerabilities that impact industrial environments. This advisory highlights the ...
3 weeks ago Cisa.gov CVE-2023-3519 CVE-2023-3520
ICS Advisory (ICSA-25-252-05) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued ICS Advisory ICSA-25-252-05 addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers (PLCs). These vulnerabilities could ...
1 month ago Cisa.gov CVE-2023-34362 CVE-2023-34363
CVE-2022-25157 - Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...
2 years ago
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
ICS Advisory (ICSA-25-261-02) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released ICS Advisory ICSA-25-261-02 addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers (PLCs). These vulnerabilities could ...
3 weeks ago Cisa.gov CVE-2023-34362 CVE-2023-34363
ICS Advisory (ICSA-25-254-02) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory identified as ICSA-25-254-02 addressing critical vulnerabilities in industrial control systems (ICS). This advisory highlights the importance of securing ICS ...
4 weeks ago Cisa.gov CVE-2023-3519 CVE-2023-3520
CVE-2022-25158 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all ...
3 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)