You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2025-9996
About this tag
CVE-2025-9996 is an OS command injection vulnerability in the BLMon monitoring console of Schneider Electric Saitel DR and Saitel DP Remote Terminal Units (RTUs). It allows authenticated console users to inject and execute arbitrary shell commands under certain conditions. Schneider Electric has published advisories with fixes or workarounds. Discussions on WindowsForum.com cover mitigation strategies, including applying vendor patches and restricting console access. The vulnerability is part of a coordinated disclosure with CVE-2025-9997, affecting industrial control systems. Users are advised to update firmware and follow Schneider's security recommendations.
Schneider Electric has published coordinated advisories describing two OS command injection flaws in the BLMon monitoring console used by Saitel DR and Saitel DP Remote Terminal Units (RTUs), vulnerabilities that allow authenticated console users to inject and execute arbitrary shell commands...