Rewterz

March 13, 2025

ICS: Multiple Schneider Electric Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-1960 CVSS:9.8

An Initialization of a Resource with an Insecure Default vulnerability exists that could allow an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interface.

CVE-2025-0813 CVSS:7

An Improper Authentication vulnerability exists that could cause an authentication bypass when an unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to reboot the workstation and interrupt the normal boot process.

CVE-2025-2002 CVSS:6

An Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, the device is placed in debug mode by an administrative user, and the debug files are exported from the device.

Impact

  • Gain Access
  • Security Bypass
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2025-1960

  • CVE-2025-0813

  • CVE-2025-2002

Affected Vendors

Schneider Electric

Affected Products

  • Schneider Electric EcoStruxure Power Automation System - WebHMI v4.1.0.0 and EPAS 2.6.30.19
  • Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI) - Secured v2.1 - v2.9
  • Schneider Electric EcoStruxure Panel Server v2.0 and prior

Remediation

Refer to the Schneider Electric website for patch, upgrade, or suggested workaround information.

CVE-2025-1960

CVE-2025-0813

CVE-2025-2002
