

Severity
Medium
Analysis Summary
CVE-2025-2442 CVSS:6.8
Schneider Electric Trio Q Licensed Data Radios could allow an attacker with physical access to gain unauthorized access, caused by the initialization of a resource with an insecure default.
CVE-2025-2441 CVSS:4.6
Schneider Electric Trio Q Licensed Data Radios could allow an attacker with physical access to obtain confidential data, caused by a failure to correctly initialize all data when the radio is set to factory default mode.
CVE-2025-2440 CVSS:4.2
An insecure storage of sensitive information vulnerability exists that could potentially lead to unauthorized access to confidential data when a malicious user with physical access and advanced knowledge of the file system sets the radio to factory default mode.
CVE-2025-2223 CVSS:7.8
Schneider Electric ConneXium Network Manager could allow a local attacker to gain elevated privileges on the system, caused by improper input validation.
CVE-2025-2222 CVSS:7.8
Schneider Electric ConneXium Network Manager could allow a local attacker to gain elevated privileges on the system, caused by files or directories accessible to external parties over HTTPS.
Impact
- Gain Access
- Information Disclosure
- Security Bypass
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-2442
CVE-2025-2441
CVE-2025-2440
CVE-2025-2223
CVE-2025-2222
Affected Vendors
Affected Products
- Schneider Electric Trio Q Licensed Data Radio - 2.7
- Schneider Electric ConneXium Network Manager - 2.0.01
Remediation
Refer to the Schneider Electric website for patch, upgrade, or suggested workaround information.