CVE-2025-1960 | THREATINT

Description

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interface.

PUBLISHED Reserved 2025-03-04 | Published 2025-03-12 | Updated 2025-03-13 | Assigner schneider

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-1188 Insecure Default Initialization of Resource

Product status

Default status

unaffected

WebHMI v4.1.0.0 and prior when deployed with EPAS User Interface 2.6.30.19 and prior

affected

References

download.schneider-electric.com/...Name=SEVD-2025-070-03.pdf

cve.org (CVE-2025-1960)

nvd.nist.gov (CVE-2025-1960)

Download JSON