Schneider Electric Trio Q Licensed Data Radio

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v4 5.4
• ATTENTION: Low attack complexity
• Vendor: Schneider Electric
• Equipment: Trio Q Licensed Data Radio
• Vulnerabilities: Insecure Storage of Sensitive Information, Initialization of a Resource with an Insecure Default

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to access confidential information, compromise the integrity, or affect the availability of the affected product.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Schneider Electric reports that the following products are affected:

• Schneider Electric Trio Q Licensed Data Radio: Versions prior to 2.7.2

3.2 VULNERABILITY OVERVIEW

3.2.1 INSECURE STORAGE OF SENSITIVE INFORMATION CWE-922

An insecure storage of sensitive information vulnerability exists that could potentially lead to unauthorized access to confidential data when a malicious user with physical access and advanced knowledge of the filesystem sets the radio to factory default mode.

CVE-2025-2440 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.2 has been calculated; the CVSS vector string is (CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-2440. A base score of 4.1 has been calculated; the CVSS vector string is (CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.2 INITIALIZATION OF A RESOURCE WITH AN INSECURE DEFAULT CWE-1188

An incorrect initialization of resource vulnerability exists that could lead to a loss of confidentiality when a malicious user with physical access sets the radio to factory default mode, causing the product to not correctly initialize all data.

CVE-2025-2441 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-2441. A base score of 4.1 has been calculated; the CVSS vector string is (CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.3 INITIALIZATION OF A RESOURCE WITH AN INSECURE DEFAULT CWE-1188

An initialization of a resource with an insecure default vulnerability exists that could potentially lead to unauthorized access, resulting in the loss of confidentiality, integrity, and availability when a malicious user with physical access sets the radio to factory default mode.

CVE-2025-2442 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-2442. A base score of 5.4 has been calculated; the CVSS vector string is (CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

• CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy
• COUNTRIES/AREAS DEPLOYED: Worldwide
• COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Schneider Electric CPCERT reported these vulnerabilities to CISA.

4. MITIGATIONS

Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

• Version v2.7.2 of the TRIO Q Data Radio firmware includes fixes for the identified vulnerabilities and is available for download.
• Follow the instructions in Section 10 Part J – Firmware Updating and Maintenance in the Trio Q Series Data Radio User Manual. This section provides information on how to download, install, and verify the new firmware version.

If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploitation:

• Install Trio Data Radios in a secure location to prevent physical access by unauthorized personnel, and ensure they are securely disposed of when decommissioned.
• Confirm the firmware loaded in Trio Data Radios using the hash published with the release notes, and follow the instructions in Section 10 Part J – Firmware Updating and Maintenance in the Trio Q Series Data Radio User Manual. This section provides information on how to download, install, and verify the new firmware version.

For more information see the associated Schneider Electric CPCERT security advisory SEVD-2025-098-02 Trio Q Licensed Data Radios - SEVD-2025-098-02 PDF Version, Trio Q Licensed Data Radios - SEVD-2025-098-02 CSAF Version.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.

5. UPDATE HISTORY

• April 17, 2025: Initial Republication of Schneider Electric SEVD-2025-098-02

• Schneider Electric