Schneider Electric's ConneXium Network Manager (CNM), a pivotal component in industrial network management, has been identified with significant vulnerabilities that threaten the security and stability of critical infrastructure sectors. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory (ICSA-25-107-03) on April 17, 2025, detailing these issues. (cisa.gov)

Background

CNM is integral to the operation of industrial control systems (ICS), facilitating the management and monitoring of networked devices within sectors such as energy, manufacturing, and commercial facilities. The recent vulnerabilities underscore the challenges associated with maintaining and securing legacy systems in an increasingly digital and interconnected industrial landscape.

Identified Vulnerabilities

The CISA advisory highlights two critical vulnerabilities in CNM:

  1. Files or Directories Accessible to External Parties (CVE-2025-2222):
  • Description: This flaw allows unauthorized access to sensitive files or directories over HTTPS, potentially leading to information leakage and privilege escalation through man-in-the-middle attacks.
  • Severity: CVSS v4 base score of 8.2, indicating high severity.
  1. Improper Input Validation (CVE-2025-2223):
  • Description: This vulnerability arises when a malicious project file is loaded from the local system, potentially compromising the confidentiality, integrity, and availability of the engineering workstation.
  • Severity: CVSS v4 base score of 8.4, also indicating high severity.

Implications and Impact

The exploitation of these vulnerabilities can have severe consequences, including:

  • Data Breaches: Unauthorized access to sensitive operational data, leading to potential intellectual property theft or exposure of proprietary information.
  • Privilege Escalation: Attackers gaining elevated access rights, enabling them to execute arbitrary code or commands within the system.
  • Operational Disruption: Potential denial of service or manipulation of ICS processes, leading to system outages or degraded performance.
  • Safety Hazards: Compromised systems may result in unsafe operating conditions, posing risks to personnel and equipment.

Technical Details

The vulnerabilities are characterized by:

  • CVE-2025-2222: Improper handling of file access permissions over HTTPS, allowing unauthorized external parties to access sensitive files or directories.
  • CVE-2025-2223: Lack of proper input validation when loading project files from local systems, enabling malicious files to compromise system integrity.

Mitigation Strategies

Schneider Electric has provided the following mitigations to address these vulnerabilities:

  • Disable the Web Server: If not in use, disable the web server feature to reduce the attack surface.
  • File Integrity Verification: Only open project files from trusted sources and regularly compute and verify their hashes to ensure integrity.
  • Encryption and Access Control: Encrypt project files when stored and restrict access to trusted users.
  • Secure Communication Protocols: Use secure communication protocols when exchanging files over the network.
  • System Hardening: Follow workstation, network, and site-hardening guidelines as outlined in Schneider Electric's cybersecurity best practices.

Given that CNM has reached its end of life and is no longer supported, organizations are strongly advised to transition to supported alternatives to ensure ongoing security and compliance.

Conclusion

The identification of critical vulnerabilities in Schneider Electric's ConneXium Network Manager highlights the pressing need for robust cybersecurity measures in industrial control systems. Organizations must prioritize the implementation of mitigation strategies and consider upgrading to supported systems to safeguard critical infrastructure against evolving cyber threats.