CVE-2025-13905
Incorrect Default Permissions in Service Binaries Allow Privilege Escalation
Publication date: 2026-01-29
Last updated on: 2026-01-29
Assigner: Schneider Electric SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| schneider_electric | ecostruxure_process_expert | to 2025 (exc) |
| schneider_electric | ecostruxure_process_expert_for_aveva_system_platform | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Default Permissions issue (CWE-276) in Schneider Electric's EcoStruxure Process Expert products. It allows a local user with normal privileges to modify executable service binaries in the installation folder. When the affected service restarts, this modification can lead to privilege escalation through a reverse shell exploit, effectively giving the attacker higher-level access. [1]
How can this vulnerability impact me? :
The vulnerability can lead to privilege escalation, allowing an attacker with normal user privileges to gain higher-level access to the system. This can result in a reverse shell exploit, compromising confidentiality, integrity, and availability of the affected system. Such an exploit could allow unauthorized control over the system, potentially disrupting operations or exposing sensitive data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific commands or detailed detection methods for identifying this vulnerability on your network or system. General recommendations include scanning for modified executable service binaries in the installation folder and monitoring for unauthorized privilege escalations, but no explicit commands are given. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading to EcoStruxureβ’ Process Expert version 2025, which contains the fix. For EcoStruxureβ’ Process Expert for AVEVA System Platform, apply application whitelisting to allow only authenticated applications and restrict system access to necessary users. Additional recommendations include isolating control and safety networks behind firewalls, implementing physical security controls, locking controllers, avoiding unauthorized network connections, scanning removable media, minimizing network exposure, and using secure remote access methods such as VPNs. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not explicitly address how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.