CVE-2025-11739
Deserialization Vulnerability in SE Software Enables Admin Code Execution
Publication date: 2026-03-10
Last updated on: 2026-03-10
Assigner: Schneider Electric SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| schneider_electric | ecostruxure_power_monitoring_expert | 2022 |
| schneider_electric | ecostruxure_power_monitoring_expert | 2023 |
| schneider_electric | ecostruxure_power_monitoring_expert | 2023_r2 |
| schneider_electric | ecostruxure_power_monitoring_expert | 2024 |
| schneider_electric | ecostruxure_power_monitoring_expert | 2024_r2 |
| schneider_electric | ecostruxure_power_operation | 2022 |
| schneider_electric | ecostruxure_power_operation | 2024 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "This vulnerability is a CWE-502: Deserialization of Untrusted Data flaw found in Schneider Electric's EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) products. It occurs when a locally authenticated attacker with low privileges sends a specially crafted data stream that triggers unsafe deserialization. This unsafe deserialization can lead to arbitrary code execution with administrative privileges."}] [1]
How can this vulnerability impact me? :
The vulnerability can have severe impacts including system compromise, operational disruption, and unauthorized administrative control. Because it allows arbitrary code execution with administrative rights, an attacker could take full control of affected systems, potentially leading to loss of confidentiality, integrity, and availability of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific detection methods or commands to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying specific hotfixes or upgrades depending on your product version:
- PME 2024 R2 users should apply Hotfix_279338_Release_2024R2 (no reboot required).
- PME 2024 users should upgrade to PME 2024 R3.
- PME 2023 R2 users should apply Hotfix_282807 (no reboot required).
- PME 2023 users should upgrade to PME 2023 R2 and then apply Hotfix_282807.
- EPO 2024 users with the Advanced Reporting and Dashboards Module should upgrade to PME 2023 R2 and apply Hotfix_282807.
- For EPO 2022 and PME 2022 (end-of-life and unsupported), update PME separately and apply the appropriate PME updates.
If immediate remediation is not possible, Schneider Electric recommends the following mitigations:
- Follow cybersecurity hardening guidelines.
- Run PME in isolated networks.
- Configure Windows firewall to restrict access.
- Enforce complex password policies.
- Audit and limit Windows-authenticated user access, especially for elevated privileges.
- Apply the principle of least privilege.
- Consider upgrading to PME 2024 R3.
General security best practices include isolating control networks behind firewalls, physical security controls, locking controllers, restricting programming software network access, scanning removable media, minimizing network exposure, and using secure remote access methods like VPNs.