July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
RedLine Stealer – Active IOCs
March 13, 2025Multiple Fortinet Products Vulnerabilities
March 13, 2025RedLine Stealer – Active IOCs
March 13, 2025Multiple Fortinet Products Vulnerabilities
March 13, 2025
Severity
High
Analysis Summary
CVE-2025-1960 CVSS:9.8
Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interface.
CVE-2025-0813 CVSS:7
Improper Authentication vulnerability exists that could cause an Authentication Bypass when an unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to reboot the workstation and interrupt the normal boot process.
CVE-2025-2002 CVSS:6
Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device.
Impact
- Gain Access
- Security Bypass
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-1960
CVE-2025-0813
CVE-2025-2002
Affected Vendors
Schneider Electric
Affected Products
- Schneider Electric EcoStruxure Power Automation System - WebHMI v4.1.0.0 and EPAS 2.6.30.19
- Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI) - Secured v2.1 - v2.9
- Schneider Electric EcoStruxure Panel Server v2.0 and prior
Remediation
Refer to Schneider Electric Website for patch, upgrade, or suggested workaround information.