Detections
Analytics
Schneider Electric EcoStruxure Panel Server Insertion of Sensitive Information into Log File (CVE-2025-2002)
medium Tenable OT Security Plugin ID 503367
Synopsis
The remote OT asset is affected by a vulnerability.Description
There is an insertion of sensitive information into log files vulnerability that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Version 2.1 or later of EcoStruxure Panel Server includes a fix for this vulnerability and is available for download. Users should download EcoStruxure Power Commission Software v2.33.0 or later, and version v2.1 or later of EcoStruxure Panel Server firmware to complete the upgrade process.See Also
http://www.nessus.org/u?8baecc9f
https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-04
Plugin Details
Severity: Medium
ID: 503367
Version: 1.1
Type: remote
Family: Tenable.ot
Published: 10/20/2025
Updated: 10/20/2025
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v3
Risk Factor: Medium
Base Score: 6
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CVSS v4
Risk Factor: Medium
Base Score: 4
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Vulnerability Information
CPE: cpe:/o:schneider-electric:pas600l, cpe:/o:schneider-electric:pas600pwd, cpe:/o:schneider-electric:pas800, cpe:/o:schneider-electric:pas800l, cpe:/o:schneider-electric:pas600lwd, cpe:/o:schneider-electric:pas800p, cpe:/o:schneider-electric:pas400, cpe:/o:schneider-electric:pas600
Required KB Items: Tenable.ot/Schneider
Exploit Ease: No known exploits are available
Patch Publication Date: 3/18/2025
Vulnerability Publication Date: 3/18/2025
Reference Information
CVE: CVE-2025-2002
CWE: 532
ICSA: 25-077-04