CVE-2025-46406 – “Schneider Electric Command Centre Server Privilege Escalation”

CVE ID : CVE-2025-46406

Published : July 10, 2025, 3:15 a.m. | 52 minutes ago

Description : A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the Division boundary.

This issue affects Command Centre Server:

9.30 prior to 9.30.1874 (MR1), 9.20 prior to 9.20.2337 (MR3), 9.10 prior to 9.10.3194 (MR6), 9.00 prior to 9.00.3371 (MR7), all versions of 8.90 and prior.

Severity: 5.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…