Schneider Electric ConneXium Network Manager Files Accessible to External Parties Vulnerability

Vulnerability

A vulnerability allowing files or directories to be accessed by external parties over HTTPS has been identified in Schneider Electric's ConneXium Network Manager software, specifically in version 2.0.01. This vulnerability could lead to information leakage and potential privilege escalation, especially following a man-in-the-middle attack.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information and allow for privilege escalation on the affected system.

Remediation

Users are advised to disable the web server (it is disabled by default) and to follow the workstation, network, and site-hardening guidelines in the Schneider Electric Recommended Cybersecurity Best Practices document.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.