Schneider Electric Plant iT/Brewmaxx
Cisa.gov • Tuesday, March 24, 2026 • 92500 Rueil-Malmaison, France
CISA has published an Industrial Control Systems (ICS) advisory for Schneider Electric Plant iT/Brewmaxx, identifying four vulnerabilities (CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819). The most severe, CVE-2025-49844, involves a use-after-free vulnerability in the integrated Redis database that allows authenticated users to trigger remote code execution. Other vulnerabilities include integer overflows and code injection. Affected versions include Plant iT/Brewmaxx 9.60 and above. Schneider Electric has released Patch ProLeiT-2025-001 and recommends disabling Redis eval commands and isolating control networks from the internet to mitigate risks. These systems are deployed worldwide in critical infrastructure sectors including Energy, Critical Manufacturing, and Commercial Facilities.
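
One way to verify the "disable Redis eval commands" mitigation on a configuration file, as an added example that is not taken from the advisory or from Schneider Electric. It assumes the stock Redis `rename-command` and ACL `user` directives and treats `EVAL` and `EVALSHA` as the commands in question; the function name, user names and sample configurations are constructed.

```python
import shlex

SCRIPT_CMDS = {"eval", "evalsha"}  # assumption: the "eval commands" to disable
GRANT = {"+@all", "allcommands", "+@scripting", "+@slow"}    # rules that allow them
REVOKE = {"-@all", "nocommands", "-@scripting", "-@slow", "reset"}

def script_exposure(conf_text):
    """Return {acl_user: [script commands still runnable]} for a redis.conf text."""
    removed = set()                                # rename-command X "" removes X
    users = {"default": (True, set(SCRIPT_CMDS))}  # stock default user: on, +@all
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = shlex.split(line)
        key = tok[0].lower()
        if key == "rename-command" and len(tok) == 3 and tok[2] == "":
            removed.add(tok[1].lower())
        elif key == "user" and len(tok) >= 2:
            enabled, allowed = False, set()        # a user line starts off, no commands
            for rule in (r.lower() for r in tok[2:]):
                if rule in ("on", "off"):
                    enabled = rule == "on"
                elif rule in GRANT:
                    allowed = set(SCRIPT_CMDS)
                elif rule in REVOKE:
                    allowed = set()
                    enabled = enabled and rule != "reset"
                elif rule[:1] == "+" and rule[1:] in SCRIPT_CMDS:
                    allowed.add(rule[1:])
                elif rule[:1] == "-" and rule[1:] in SCRIPT_CMDS:
                    allowed.discard(rule[1:])
            users[tok[1]] = (enabled, allowed)
    return {name: sorted(cmds - removed) for name, (on, cmds) in users.items()
            if on and cmds - removed}

# Constructed sample configurations (not from the advisory).
WEAK = 'port 6379\nrequirepass constructed-secret\n'
RENAMED = 'rename-command EVAL ""\nrename-command EVALSHA ""\n'
ACL_OFF = ('user default off\n'
           'user plantapp on >constructed-secret ~* +@all -@scripting\n')
PARTIAL = 'user default on nopass ~* +@all -eval\n'

if __name__ == "__main__":
    for name, conf in [("weak", WEAK), ("renamed", RENAMED),
                       ("acl", ACL_OFF), ("partial", PARTIAL)]:
        print(name, script_exposure(conf) or "eval commands disabled")
```

The check covers only `EVAL` and `EVALSHA` in a static file; scripting variants added in newer Redis releases and ACL changes made at runtime are outside its scope.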