Lucene search
K

Schneider Electric EcoStruxure Panel Server Insertion of Sensitive Information into Log File (CVE-2025-2002)

🗓️ 20 Oct 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 5 Views

Schneider EcoStruxure Panel Server may expose credentials in logs when debug mode exports files.

Related
Refs
Code
ReporterTitlePublishedViews
Family
BDU FSTEC
The vulnerability of the EcoStruxure Panel Server module lies in the exposure of password values in the log file, allowing attackers to disclose sensitive information.
13 Mar 202500:00
bdu_fstec
Circl
CVE-2025-2002
12 Mar 202520:23
circl
CNNVD
Schneider Electric EcoStruxure Panel Server 日志信息泄露漏洞
12 Mar 202500:00
cnnvd
CVE
CVE-2025-2002
12 Mar 202515:25
cve
Cvelist
CVE-2025-2002
12 Mar 202515:25
cvelist
EUVD
EUVD-2025-7455
3 Oct 202520:07
euvd
ICS
Schneider Electric EcoStruxure Panel Server
11 Mar 202504:00
ics
NVD
CVE-2025-2002
12 Mar 202516:15
nvd
RedhatCVE
CVE-2025-2002
14 Mar 202522:25
redhatcve
Vulnrichment
CVE-2025-2002
12 Mar 202515:25
vulnrichment
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(503367);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/14");

  script_cve_id("CVE-2025-2002");
  script_xref(name:"ICSA", value:"25-077-04");

  script_name(english:"Schneider Electric EcoStruxure Panel Server Insertion of Sensitive Information into Log File (CVE-2025-2002)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"There is an insertion of sensitive information into log files vulnerability 
that could cause the disclosure of FTP server credentials when the FTP server 
is deployed, and the device is placed in debug mode by an administrative user 
and the debug files are exported from the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-070-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-070-01.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8baecc9f");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-04");
  script_set_attribute(attribute:"solution", value:
'The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Version 2.1 or later of EcoStruxure Panel Server includes a fix for this vulnerability and is available for download.
Users should download EcoStruxure Power Commission Software v2.33.0 or later, and version v2.1 or later of EcoStruxure
Panel Server firmware to complete the upgrade process.

Users should employ appropriate patching methodologies when applying these patches to their systems. Schneider Electric
strongly recommends the use of back-ups and evaluating the impact of these patches in a test and development environment
or on an offline infrastructure. Contact Schneider Electric\'s Customer Care Center for assistance removing a patch.

If users choose not to apply the remediation provided above, they should immediately ensure that debug mode is off will
prevent the credentials from being improperly exposed.

Schneider Electric strongly recommends the following industry cybersecurity best practices.

- Locate control and safety system networks and remote devices behind firewalls and isolate them from the business
network.
- Install physical controls so no unauthorized personnel can access your industrial control and safety systems,
components, peripheral equipment, and networks.
- Place all controllers in locked cabinets and never leave them in the "Program" mode.
- Never connect programming software to any network other than the network intended for that device.
- Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the
terminals or any node connected to these networks.
- Never allow mobile devices that have connected to any other network besides the intended network to connect to the
safety or control networks without proper sanitation.
- Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the
Internet.
- When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may
have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as
secure as the connected devices.
- For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document.

Please see Schneider Electric Security Notification SEVD-2025-070-01 for more information about this issue.');
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-2002");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(532);

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/03/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/20");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas400");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas600");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas600l");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas800");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas800l");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas800p");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas600lwd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:pas600pwd");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Schneider");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Schneider');

var asset = tenable_ot::assets::get(vendor:'Schneider');

var vuln_cpes = {
    "cpe:/o:schneider-electric:pas400" :
        {"versionEndIncluding": "2.0", "family" : "PanelServers"},
    "cpe:/o:schneider-electric:pas600" :
        {"versionEndIncluding": "2.0", "family" : "PanelServers"},
    "cpe:/o:schneider-electric:pas600l" :
        {"versionEndIncluding": "2.0", "family" : "PanelServers"},
    "cpe:/o:schneider-electric:pas800" :
        {"versionEndIncluding": "2.0", "family" : "PanelServers"},
    "cpe:/o:schneider-electric:pas800l" :
        {"versionEndIncluding": "2.0", "family" : "PanelServers"},
    "cpe:/o:schneider-electric:pas800p" :
        {"versionEndIncluding": "2.0", "family" : "PanelServers"},
    "cpe:/o:schneider-electric:pas600lwd" :
        {"versionEndIncluding": "2.0", "family" : "PanelServers"},
    "cpe:/o:schneider-electric:pas600pwd" :
        {"versionEndIncluding": "2.0", "family" : "PanelServers"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

14 Feb 2026 00:00Current
5.5Medium risk
Vulners AI Score5.5
CVSS 44
CVSS 3.16
EPSS0.00156
SSVC
5