certfr_avis - certfr-2025-avi-0986

CERTFR-2025-AVI-0986

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Schneider Electric EcoStruxure. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Schneider Electric	EcoStruxure	EcoStruxure Machine SCADA Expert versions antérieures à 2023.1 Patch 1

References

Title

Publication Time

CVE-2025-9317 (GCVE-0-2025-9317)

Vulnerability from cvelistv5

Published

2025-11-14 23:49

Modified

2025-11-17 16:55

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
8.3 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N

CWE

CWE-327

Summary

The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes.

References

URL

Tags

	https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf
	https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03
	https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-03.json

Impacted products

	Vendor	Product	Version
	AVEVA	Edge	Version: 0 <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9317",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-17T16:55:08.051296Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-17T16:55:20.081Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Edge",
          "vendor": "AVEVA",
          "versions": [
            {
              "lessThanOrEqual": "Versions 2023 R2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Joao Varelas reported this vulnerability to AVEVA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability, if exploited, could allow a miscreant with read \naccess to Edge Project files or Edge Offline Cache files to reverse \nengineer Edge users\u0027 app-native or Active Directory passwords through \ncomputational brute-forcing of weak hashes."
            }
          ],
          "value": "The vulnerability, if exploited, could allow a miscreant with read \naccess to Edge Project files or Edge Offline Cache files to reverse \nengineer Edge users\u0027 app-native or Active Directory passwords through \ncomputational brute-forcing of weak hashes."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "CWE-327",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-14T23:49:27.149Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-03.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of this \nvulnerability based on their operational environment, architecture, and \nproduct implementation.\u003c/p\u003e\n\u003cp\u003eUsers using the affected product versions should take the following actions to mitigate the risk of exploit:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply AVEVA Edge \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/38f52447-3013-4c4e-be6e-9b28b635bba9\"\u003e2023 R2 P01\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cli\u003e Security Update and migrate old project files.\u003c/li\u003e\n\u003cli\u003eFor projects that cannot be migrated (e.g. backups or transient \ncopies), evaluate the risk of potential password leakage from these \nfiles and implement stricter read access controls to protect these \nunsafe files.\u003c/li\u003e\n\u003cli\u003eRequire AVEVA Edge users to change their passwords.\u003c/li\u003e\n\u003cli\u003eImportant: Edge project migration from older versions to 2023 R2 P01\n is one-way due to the change in password hashing algorithms.\u003c/li\u003e\u003cli\u003e\u003cbr\u003e\u003c/li\u003e\nFor information on how to reach AVEVA support for your product, please refer to this link: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support/support-contact/\"\u003eAVEVA Customer Support\u003c/a\u003e.\u003cp\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf\"\u003eAVEVA-2025-006\u003c/a\u003e\u0026nbsp;or AVEVA\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003ebulletins page\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "AVEVA recommends that organizations evaluate the impact of this \nvulnerability based on their operational environment, architecture, and \nproduct implementation.\n\n\nUsers using the affected product versions should take the following actions to mitigate the risk of exploit:\n\n\n\n  *  Apply AVEVA Edge  2023 R2 P01 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/38f52447-3013-4c4e-be6e-9b28b635bba9 \n\n\n  *   Security Update and migrate old project files.\n\n  *  For projects that cannot be migrated (e.g. backups or transient \ncopies), evaluate the risk of potential password leakage from these \nfiles and implement stricter read access controls to protect these \nunsafe files.\n\n  *  Require AVEVA Edge users to change their passwords.\n\n  *  Important: Edge project migration from older versions to 2023 R2 P01\n is one-way due to the change in password hashing algorithms.\n  *  \n\n\nFor information on how to reach AVEVA support for your product, please refer to this link:  AVEVA Customer Support https://www.aveva.com/en/support/support-contact/ .For more information, see AVEVA\u0027s Security Bulletin  AVEVA-2025-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf \u00a0or AVEVA\u0027s  bulletins page https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "source": {
        "advisory": "ICSA-25-317-03",
        "discovery": "EXTERNAL"
      },
      "title": "AVEVA Edge Use of a Broken or Risky Cryptographic Algorithm",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following general defensive measures are recommended:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAccess Control Lists should be applied to all folders where users will save and load project files.\u003c/li\u003e\n\u003cli\u003eMaintain a trusted chain-of-custody on project files during creation, modification, distribution, and use.\u003c/li\u003e\n\u003cli\u003eApply data-protection at the project level with a strong master \npassword. For configuration step-by-step refer to AVEVA Edge \"Technical \nReference Manual\" \u0026gt; Project Overview \u0026gt; Configuring Additional \nProject Settings \u0026gt; Options Tab \u0026gt; Data Protection.\u003c/li\u003e\n\u003cli\u003eIf passwords are being used as function parameters inside project \ndocuments (such as scripts or worksheets), it is recommended to remove \nthose passwords and use project tags instead. For more information on \ntags refer to AVEVA Edge \"Technical Reference Manual\" \u0026gt; Tags and the \nTag Database \u0026gt; About Tags and the Project Database.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eFor information on how to reach AVEVA support for your product, please refer to this link: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support/support-contact/\"\u003eAVEVA Customer Support\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e\u003cp\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf\"\u003eAVEVA-2025-006\u003c/a\u003e\u0026nbsp;or AVEVA\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003ebulletins page\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "The following general defensive measures are recommended:\n\n\n\n  *  Access Control Lists should be applied to all folders where users will save and load project files.\n\n  *  Maintain a trusted chain-of-custody on project files during creation, modification, distribution, and use.\n\n  *  Apply data-protection at the project level with a strong master \npassword. For configuration step-by-step refer to AVEVA Edge \"Technical \nReference Manual\" \u003e Project Overview \u003e Configuring Additional \nProject Settings \u003e Options Tab \u003e Data Protection.\n\n  *  If passwords are being used as function parameters inside project \ndocuments (such as scripts or worksheets), it is recommended to remove \nthose passwords and use project tags instead. For more information on \ntags refer to AVEVA Edge \"Technical Reference Manual\" \u003e Tags and the \nTag Database \u003e About Tags and the Project Database.\n\n\n\nFor information on how to reach AVEVA support for your product, please refer to this link:  AVEVA Customer Support https://www.aveva.com/en/support/support-contact/ \u00a0.\n\nFor more information, see AVEVA\u0027s Security Bulletin  AVEVA-2025-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf \u00a0or AVEVA\u0027s  bulletins page https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-9317",
    "datePublished": "2025-11-14T23:49:27.149Z",
    "dateReserved": "2025-08-21T12:45:22.693Z",
    "dateUpdated": "2025-11-17T16:55:20.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted