Advisory

Schneider Electric Patches Critical Redis Vulnerabilities in Plant iT/Brewmaxx

Take action: If you are using Plant iT/Brewmaxx, first make sure it is isolated from the internet and business networks. Then schedule the ProLeiT-2025-001 patch promptly and disable the Redis 'eval' commands so attackers cannot run malicious Lua scripts.


Learn More

Schneider Electric and CISA released a security advisory about four vulnerabilities in the Schneider Electric Plant iT/Brewmaxx industrial automation platform. The flaws stem from the platform's integration of Redis, an open-source in-memory database.

Vulnerabilities summary:

  • CVE-2025-49844 (CVSS score 9.9) — A use-after-free vulnerability in Redis where an authenticated user can use a crafted Lua script to manipulate the garbage collector. This memory corruption allows attackers to run arbitrary code with high privileges on the system.
  • CVE-2025-46817 (CVSS score 7.0) — An integer overflow flaw in the Redis component triggered by specific Lua scripts. By causing a memory wraparound, an attacker can potentially achieve remote code execution.
  • CVE-2025-46818 (CVSS score 6.0) — A code injection vulnerability that allows authenticated users to manipulate Lua objects. This flaw lets an attacker run their own code within the context of a different user, leading to privilege escalation.
  • CVE-2025-46819 (CVSS score 6.3) — An integer overflow in Redis that enables out-of-bounds data reads or server crashes. Attackers can use this to leak sensitive information or cause a denial-of-service state in the automation environment.

Successful exploitation allows attackers to escalate privileges and take full control of the application server or engineering workstations. In critical infrastructure this could lead to unauthorized process changes or complete system shutdowns. 

The vulnerabilities impact Schneider Electric Plant iT/Brewmaxx versions 9.60 and later. The underlying issue is tied to Redis versions 8.2.1 and below, which are bundled with the ProLeiT-based automation software. 

Schneider Electric recommends installing patch ProLeiT-2025-001 as soon as possible through its support portal. After patching, administrators must disable the 'eval' commands in Redis on all application servers, VisuHubs, and engineering workstations to prevent script-based attacks.

Users should also apply secure Redis configuration templates and restart all affected systems to ensure the changes take effect. Finally, the vendor emphasizes isolating control networks from the internet and using secure VPNs for any required remote access.
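As an added example (not code from the advisory, Schneider Electric or ProLeiT), the following Python script audits a redis.conf for the hardening steps described above: Lua scripting disabled, protected-mode on, no wildcard bind, and authentication required. It relies on the standard Redis directives rename-command, protected-mode, bind, requirepass and ACL `user` rules; the two sample configs are constructed and the password is a placeholder.

```python
# Added example (not Schneider Electric's or ProLeiT's tooling): audit a
# redis.conf for the advisory's hardening: Lua scripting disabled, protected-mode
# on, no wildcard bind, auth required. Samples are constructed; password is a placeholder.

# Constructed sample: a permissive config that still exposes EVAL.
WEAK_CONF = """
bind 0.0.0.0
protected-mode no
port 6379
"""

# Constructed sample: EVAL/EVALSHA renamed away (legacy rename-command) and
# the default user stripped of the @scripting ACL category (Redis 6+).
HARDENED_CONF = """
bind 127.0.0.1
protected-mode yes
port 6379
requirepass CHANGE-ME-PLACEHOLDER
rename-command EVAL ""
rename-command EVALSHA ""
user default on >CHANGE-ME-PLACEHOLDER ~* &* +@all -@scripting
"""

def parse_conf(text):
    """Yield (directive, args) per non-comment line, directive lowercased."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split()
            yield parts[0].lower(), parts[1:]

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    entries = list(parse_conf(text))
    findings = []
    renamed_away = {a[0].lower() for d, a in entries if d == "rename-command"
                    and len(a) == 2 and a[1] in ('""', "''")}
    acl_blocks = any(d == "user" and a[:1] == ["default"] and "-@scripting" in a
                     for d, a in entries)
    if not ({"eval", "evalsha"} <= renamed_away or acl_blocks):
        findings.append('EVAL/EVALSHA reachable: rename them to "" or give the default user -@scripting')
    if any(d == "protected-mode" and a == ["no"] for d, a in entries):
        findings.append("protected-mode is off")
    binds = [ip for d, a in entries if d == "bind" for ip in a]
    if not binds or any(ip in ("0.0.0.0", "*", "::") for ip in binds):
        findings.append("listens on all interfaces: bind to loopback or the control-network address")
    if not any(d == "requirepass" or (d == "user" and any(x.startswith(">") for x in a))
               for d, a in entries):
        findings.append("no requirepass or ACL password configured")
    return findings
```

Run `audit()` over the contents of each server's redis.conf after applying the vendor template; an empty list confirms the eval-related settings took effect, and any finding names the directive to fix.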
