Summary
Schneider Electric is aware of a vulnerability in its SCADAPack™ x70 RTU products. The SCADAPack™ 47xi, SCADAPack™ 47x and SCADAPack™ 57x product are Remote Terminal Units that provide communication capabilities for remote monitoring and control. Failure to apply the remediations provided below may risk unauthorized access to your RTU, which could result in the possibility of denial of service and loss of confidentiality, integrity of the controller.
The following versions of Schneider Electric SCADAPack and RemoteConnect are affected:
- SCADAPack™ vers:generic/
- SCADAPack™ firmware vers:intdot/<9.12.2, 9.12.2, vers:intdot/<9.12.2, 9.12.2 ()
- RemoteConnect vers:generic/
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.8 | Schneider Electric | Schneider Electric SCADAPack and RemoteConnect | Improper Check for Unusual or Exceptional Conditions |
Background
- Critical Infrastructure Sectors: Energy
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: France
Vulnerabilities
CVE-2026-0667
CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when communicating over the Modbus TCP protocol.
Affected Products
Schneider Electric SCADAPack and RemoteConnect
Schneider Electric
SCADAPack™ 57x All Versions, RemoteConnect Versions prior to R3.4.2
fixed, known_affected
Remediations
Vendor fix
Version R3.4.2 (Firmware version 9.12.2) of SCADAPack™ 47x and SCADAPack™ 47xi includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/download/document/RemoteConnect/
Vendor fix
Version R3.4.2 of RemoteConnect includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/download/document/RemoteConnect/
Mitigation
If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: Follow the information according to SCADAPack™ Security Guidelines in section 8.3 Secured Communication. Also, apply the following standard practices to reduce the risk of exploit: • Setup network segmentation and implement the RTU firewall service to block all unauthorized access to services • Disable the logic debug service.
Mitigation
Follow the information according to SCADAPack™ Security Guidelines in section 8.3 Secured Communication. Also, apply the following standard practices to reduce the risk of exploit • Setup network segmentation and implement the RTU firewall service to block all unauthorized access to services. • Disable the logic debug service.
Relevant CWE: CWE-754 Improper Check for Unusual or Exceptional Conditions
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Acknowledgments
- Schneider Electric CPCERT reported this vulnerability to CISA.
General Security Recommendations
We strongly recommend the following industry cybersecurity best practices. * Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: