CISA | ICS Advisory (ICSA-25-273-04) Schneider Electric EcoStruxure Control Expert Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory (ICSA-25-273-04) regarding multiple vulnerabilities found in Schneider Electric's EcoStruxure Control Expert software. These vulnerabilities could allow an attacker to execute arbitrary code, cause denial of service, or escalate privileges, potentially impacting industrial control systems (ICS) that rely on this software. The advisory highlights the critical nature of these security flaws and urges organizations using EcoStruxure Control Expert to apply the recommended patches and mitigations promptly to protect their operational technology environments.

Schneider Electric's EcoStruxure Control Expert is widely used in industrial environments to manage and automate control processes. The identified vulnerabilities pose significant risks, including unauthorized access and control over critical infrastructure components. CISA's advisory provides detailed information on the vulnerabilities, affected versions, and remediation steps. It also emphasizes the importance of maintaining up-to-date software and following best cybersecurity practices to mitigate potential exploitation.

This advisory serves as a crucial alert for ICS operators, cybersecurity professionals, and stakeholders in sectors such as energy, manufacturing, and utilities. By addressing these vulnerabilities swiftly, organizations can prevent potential disruptions and safeguard their critical infrastructure from cyber threats. The collaboration between CISA and Schneider Electric underscores the ongoing commitment to enhancing the security posture of industrial control systems.

In conclusion, the CISA advisory on Schneider Electric EcoStruxure Control Expert vulnerabilities is a vital resource for ensuring the resilience and security of industrial environments. Organizations are encouraged to review the advisory thoroughly, implement the recommended security measures, and stay vigilant against emerging threats in the ICS landscape.

This Cyber News was published on www.cisa.gov. Publication date: Tue, 30 Sep 2025 16:15:13 +0000

