RCE in Schneider Electric Saitel Dp Rtu
CVE-2025-9997
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session.
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.005 (39.2th percentile) — read the EPSS interpretation.
Affected products
- Schneider Electric Saitel Dp Rtu — versions all versions
- Schneider Electric Saitel Dr Rtu — versions all versions