Critical Remote Code Execution Vulnerabilities (CVE-2025-49844, CVE-2025-46817 through CVE-2025-46819) in Schneider Electric Plant iT/Brewmaxx Threaten Energy & Manufacturing Operations
What It Is – Four newly disclosed flaws in Schneider Electric’s Plant iT/Brewmaxx (versions 9.60 and above) allow an authenticated attacker to abuse Redis, trigger use‑after‑free or integer‑overflow conditions, and achieve remote code execution. The CVSS v3 base score is 9.9 (Critical).
Exploitability – Exploitation requires valid credentials for the Redis instance; with those, a crafted Lua script can be submitted remotely. Proof‑of‑concept code has been published, and CISA reports active exploitation in the wild.
Affected Products – Schneider Electric Plant iT/Brewmaxx 9.60 and later (global deployments across energy, critical manufacturing, and commercial facilities).
TPRM Impact – A breach in this control‑system software can cascade to downstream suppliers, cause production shutdowns, and expose confidential process data, creating a high‑impact supply‑chain risk for any organization that relies on Schneider‑managed automation.
Recommended Actions –
- Immediately apply Schneider Electric’s mitigation guidance (disable unauthenticated Redis access, enforce strong authentication, and apply the latest firmware patches).
- Conduct a credential‑hygiene audit on all Redis instances used by Plant iT/Brewmaxx.
- Segment control‑system networks from corporate IT and enforce strict firewall rules.
- Deploy endpoint detection and response (EDR) on any workstations that interact with the system.
- Monitor CISA and vendor advisories for updated patches.
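The script below is an added illustration, not Schneider Electric's or CISA's tooling: it audits a redis.conf for the weak settings the first two actions target (no authentication, a bind on every interface, protected mode off, and an ACL user permitted to run Lua through EVAL). The two configurations are constructed, and the password in the hardened one is a placeholder.

```python
"""Audit a redis.conf for the settings the advisory's Redis mitigations target.
Added example; bind, protected-mode, requirepass and user are real Redis
directives, the two configurations are constructed for illustration."""

WEAK_CONF = """\
bind 0.0.0.0
protected-mode no
# requirepass never set: whoever reaches the port can issue EVAL
user default on nopass ~* &* +@all
"""

HARDENED_CONF = """\
bind 127.0.0.1
protected-mode yes
user default off
# placeholder password; keep -@scripting only if the application needs no Lua
user plantit on >REPLACE_WITH_STRONG_PASSWORD ~* &* +@all -@scripting
"""

SCRIPT_ON = {"+@all", "+@scripting", "+eval", "+evalsha"}
SCRIPT_OFF = {"-@all", "-@scripting"}

def parse_conf(text):
    """Yield (directive, args) for each non-comment, non-blank line."""
    for line in text.splitlines():
        parts = line.strip().split()
        if parts and not parts[0].startswith("#"):
            yield parts[0].lower(), parts[1:]

def audit(text):
    """Return findings for one redis.conf; an empty list means nothing weak."""
    entries = list(parse_conf(text))
    keys = {k for k, _ in entries}
    findings = []
    for key, args in entries:
        if key == "bind" and any(a in ("0.0.0.0", "*", "::") for a in args):
            findings.append("bind exposes Redis on every interface")
        if key == "protected-mode" and args and args[0].lower() == "no":
            findings.append("protected-mode is disabled")
        if key == "user" and args:
            name, rules = args[0], args[1:]
            scripting = False
            for rule in rules:  # ACL rules are applied left to right
                if rule in SCRIPT_ON:
                    scripting = True
                elif rule in SCRIPT_OFF:
                    scripting = False
            if "on" in rules and "nopass" in rules:
                findings.append(f"ACL user '{name}' is enabled with no password")
            if "on" in rules and scripting:
                findings.append(f"ACL user '{name}' may run Lua via EVAL")
    if "requirepass" not in keys and "user" not in keys:
        findings.append("neither requirepass nor ACL users set: open access")
    return findings
```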
Source: CISA Advisory – ICSA-26-083-03