| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| The vulnerability of the EcoStruxure Panel Server module lies in the exposure of password values in the log file, allowing attackers to disclose sensitive information. | 13 Mar 202500:00 | – | bdu_fstec | |
| CVE-2025-2002 | 12 Mar 202520:23 | – | circl | |
| Schneider Electric EcoStruxure Panel Server 日志信息泄露漏洞 | 12 Mar 202500:00 | – | cnnvd | |
| CVE-2025-2002 | 12 Mar 202515:25 | – | cve | |
| CVE-2025-2002 | 12 Mar 202515:25 | – | cvelist | |
| EUVD-2025-7455 | 3 Oct 202520:07 | – | euvd | |
| Schneider Electric EcoStruxure Panel Server | 11 Mar 202504:00 | – | ics | |
| CVE-2025-2002 | 12 Mar 202516:15 | – | nvd | |
| CVE-2025-2002 | 14 Mar 202522:25 | – | redhatcve | |
| CVE-2025-2002 | 12 Mar 202515:25 | – | vulnrichment |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(503367);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/14");
script_cve_id("CVE-2025-2002");
script_xref(name:"ICSA", value:"25-077-04");
script_name(english:"Schneider Electric EcoStruxure Panel Server Insertion of Sensitive Information into Log File (CVE-2025-2002)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"There is an insertion of sensitive information into log files vulnerability
that could cause the disclosure of FTP server credentials when the FTP server
is deployed, and the device is placed in debug mode by an administrative user
and the debug files are exported from the device.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-070-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-070-01.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8baecc9f");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-04");
script_set_attribute(attribute:"solution", value:
'The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Version 2.1 or later of EcoStruxure Panel Server includes a fix for this vulnerability and is available for download.
Users should download EcoStruxure Power Commission Software v2.33.0 or later, and version v2.1 or later of EcoStruxure
Panel Server firmware to complete the upgrade process.
Users should employ appropriate patching methodologies when applying these patches to their systems. Schneider Electric
strongly recommends the use of back-ups and evaluating the impact of these patches in a test and development environment
or on an offline infrastructure. Contact Schneider Electric\'s Customer Care Center for assistance removing a patch.
If users choose not to apply the remediation provided above, they should immediately ensure that debug mode is off will
prevent the credentials from being improperly exposed.
Schneider Electric strongly recommends the following industry cybersecurity best practices.
- Locate control and safety system networks and remote devices behind firewalls and isolate them from the business
network.
- Install physical controls so no unauthorized personnel can access your industrial control and safety systems,
components, peripheral equipment, and networks.
- Place all controllers in locked cabinets and never leave them in the "Program" mode.
- Never connect programming software to any network other than the network intended for that device.
- Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the
terminals or any node connected to these networks.
- Never allow mobile devices that have connected to any other network besides the intended network to connect to the
safety or control networks without proper sanitation.
- Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the
Internet.
- When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may
have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as
secure as the connected devices.
- For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document.
Please see Schneider Electric Security Notification SEVD-2025-070-01 for more information about this issue.');
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-2002");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(532);
script_set_attribute(attribute:"vuln_publication_date", value:"2025/03/18");
script_set_attribute(attribute:"patch_publication_date", value:"2025/03/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/20");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas400");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas600");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas600l");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas800");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas800l");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas800p");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas600lwd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas600pwd");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Schneider");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Schneider');
var asset = tenable_ot::assets::get(vendor:'Schneider');
var vuln_cpes = {
"cpe:/o:schneider-electric:pas400" :
{"versionEndIncluding": "2.0", "family" : "PanelServers"},
"cpe:/o:schneider-electric:pas600" :
{"versionEndIncluding": "2.0", "family" : "PanelServers"},
"cpe:/o:schneider-electric:pas600l" :
{"versionEndIncluding": "2.0", "family" : "PanelServers"},
"cpe:/o:schneider-electric:pas800" :
{"versionEndIncluding": "2.0", "family" : "PanelServers"},
"cpe:/o:schneider-electric:pas800l" :
{"versionEndIncluding": "2.0", "family" : "PanelServers"},
"cpe:/o:schneider-electric:pas800p" :
{"versionEndIncluding": "2.0", "family" : "PanelServers"},
"cpe:/o:schneider-electric:pas600lwd" :
{"versionEndIncluding": "2.0", "family" : "PanelServers"},
"cpe:/o:schneider-electric:pas600pwd" :
{"versionEndIncluding": "2.0", "family" : "PanelServers"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation