1. EXECUTIVE SUMMARY
- CVSS v4 4.0
- ATTENTION: Low attack complexity
- Vendor: Schneider Electric
- Equipment: EcoStruxure Panel Server
- Vulnerability: Insertion of Sensitive Information into Log File
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow disclosure of sensitive information, including the disclosure of credentials.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports the following versions of EcoStruxure Panel Server are affected:
- EcoStruxure Panel Server: Versions v2.0 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 Insertion of Sensitive Information into Log File CWE-532
There is an insertion of sensitive information into log files vulnerability that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device.
CVE-2025-2002 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
A CVSS v4 score has also been calculated for CVE-2025-2002. A base score of 4.0 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: