1. EXECUTIVE SUMMARY
- CVSS v4 8.3
- ATTENTION: Low Attack Complexity
- Vendor: Schneider Electric
- Equipment: EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio
- Vulnerability: Use of a Broken or Risky Cryptographic Algorithm
2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to loss of confidentiality and integrity.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports that the following products use an affected AVEVA component:
- EcoStruxure Machine SCADA Expert: Versions prior to 2023.1 Patch 1
- Pro-face BLUE Open Studio: Versions prior to 2023.1 Patch 1
3.2 VULNERABILITY OVERVIEW
3.2.1 Use of a Broken or Risky Cryptographic Algorithm CWE-327
The vulnerability disclosed by AVEVA Group Limited impacts the affected Schneider Electric software. Additional information about the vulnerabilities can be found in the AVEVA advisory AVEVA-2025-006. The vulnerability, if exploited, could allow an attacker with read access to Edge project files or Edge offline cache files to reverse engineer Edge users’ app-native or Active Directory passwords through computational brute-forcing of weak hashes.
CVE-2025-9317 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N).
A CVSS v4 score has also been calculated for CVE-2025-9317. A base score of 8.3 has been cal
[…]