Schneider Electric EcoStruxure Power Operation

Source: All CISA Advisories | Added:

Schneider Electric's EcoStruxure Power Operation has several vulnerabilities that could lead to unauthorized access and system functionality loss. These include issues such as Eval Injection, buffer overflows, and uncontrolled resource consumption, with known public exploits available.

Impact: EcoStruxure Power Operation (EPO) 2022 CU6 and prior, EcoStruxure Power Operation (EPO) 2024 CU1 and prior

In the Wild: Yes

Age: Newly disclosed

Remediation: EcoStruxure Power Operation 2024 CU2 includes fixes; users are advised to patch systems and consider uninstalling PostgreSQL if certain features are not in use.