Register today
- Get custom product tools and services
- Access training
- Manage support cases
- Create and manage your orders (authorized partners only)
SEVD-2025-224-04 EcoStruxureTM Building Operation Enterprise Server, EcoStruxureTM Building Operation Enterprise Central, and EcoStruxureTM Workstation Security Notification
Schneider Electric is aware of multiple vulnerabilities in EcoStruxureTM Building Operation Enterprise Server, EcoStruxureTM Building Operation Enterprise Central, and EcoStruxureTM Workstation. Failure to apply the remediations below may risk credential theft and subsequent unauthorized access and remote code execution from within the BMS network, which could result in data breaches, and operational disruptions. CVE-2025-8449, CVE-2025-8448 CWE-400: Uncontrolled Resource Consumption CWE-200: Exposure of Sensitive Information to an Unauthorized Actor SEVD-2025-224-04 EcoStruxureTM Building Operation Enterprise Server, EcoStruxureTM Building Operation Enterprise Central, and EcoStruxureTM Workstation Security Notification
Date:
Sep 09 2025 | Type:
Security and Safety Notice
Languages:
English | Version:
2.0
Document Number:
SEVD-2025-224-04
Files
| File Name | |
SEVD-2025-224-04.pdf | |
sevd-2025-224-04.json | |
sevd-2025-224-04.json.asc |
Related products
Product Ranges:
EcoStruxureâ„¢ Building Operation Software