Schneider Electric EcoStruxure Building Operation Enterprise Server
cpe:2.3:a:schneider-electric:ecostruxure_building_operation:*:*:*:*:*:*:*
- < 7.0.1
A vulnerability allowing unauthorized access to sensitive credential data has been identified in Schneider Electric's EcoStruxure Building Operation Enterprise Server, Enterprise Central, and Workstation, all versions prior to 7.0.1. This vulnerability arises from the exposure of local SMB traffic, which an attacker could capture between a valid user and the vulnerable products within the Building Management System (BMS) network.
Exploitation of this vulnerability could lead to credential theft, allowing unauthorized access to sensitive data and potentially enabling remote code execution from within the BMS network.
Users can upgrade to EcoStruxure Building Operation versions 7.0.2.348, 6.0.4.10001 (CP8), or 5.0.3.17009 (CP16). After upgrading, it is recommended to follow the EBO hardening guidelines. For assistance, contact Schneider Electric's Customer Care Center.