Schneider Electric Alert
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, and technical updates, and they are classified based on the level of severity.

Critical

High

Medium

Low

Warning Date: 16 June, 2022

Severity Level: High

Warning Number: 2022-4955

Target Sector: All

Description:

Schneider Electric has released security alerts to address several vulnerabilities in the following products:

  • EcoStruxure™ Control Expert
    • Version 15.0 SP1 and prior
  • EcoStruxure™ Process Expert
    • Version 2021 and prior
  • SCADAPack RemoteConnect™ for x70
    • All Versions prior to R2.7.3
  • SMT Series
  • SMC Series
  • SCL Series
  • SMX Series
  • SRT Series
  • SRTL Series: SRTL1000RMXLI, SRTL1000RMXLI-NC, SRTL1500RMXLI, SRTL1500RMXLI-NC, SRTL2200RMXLI, SRTL2200RMXLI-NC, SRTL3000RMXLI, SRTL3000RMXLI-NC
  • SRC Series
  • XU Series
  • XP Series
  • CHS2 Series
  • SURTD Series
  • SMT Series
  • SMC Series
  • SMTL Series
  • SCL Series
  • SMX Series
  • EcoStruxure Power Build: Rapsody Software
    • Versions prior to Version 2.1.13
  • Easergy C5x (C52/C53)
  • Easergy MiCOMP30 range, model P439
  • Easergy P5
  • EPC2000
  • EPC3000
  • Easy Harmony ET6 (HMIET Series)
  • Easy Harmony GXU (HMIGXU Series)
  • Eurotherm E+PLC100
  • Eurotherm E+PLC400
  • Eurotherm Eycon 10/20 Visual Supervisor
  • Eurotherm T2550 PAC
  • Eurotherm T2750 PAC
  • Harmony/Magelis, HMIGTU Series, HMIGTUX Series, HMIGK Series
  • HMISCU
  • JACE-8000
  • MiCOM C264
  • Modicon M241/M251 Logic Controllers
  • Modicon M262 Logic Controllers
  • Modicon M258/LMC058 Logic Controllers
  • Modicon M340 CPU (BMXP34*)
  • Modicon Quantum CPU and Communication Modules
  • Modicon Premium CPU and Communication Modules
  • Nanodac
  • PacDrive Eco/Pro/Pro2 Logic Controllers
  • PacDrive M
  • PowerLogic ION7400
  • PowerLogic PM8000
  • PowerLogic ION9000
  • Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series
  • SCD6000 Industrial RTU
  • SAGE RTU CPU C3414
  • EcoStruxure™ Cybersecurity Admin Expert (CAE)
    • Versions 2.2 and prior
  • CanBRASS
    • Versions prior to V7.5.1
  • Schneider Electric C-Bus Network Automation Controller, LSS5500NAC
  • Electric Wiser for C-Bus Automation Controller, LSS5500SHAC
  • Clipsal C-Bus Network Automation Controller, 5500NAC V1.10.0
  • Clipsal Wiser for C-Bus Automation Controller, 5500SHAC
  • SpaceLogic C-Bus Network Automation Controller, 5500NAC2
  • SpaceLogic C-Bus Application Controller, 5500AC2
  • EcoStruxure Power Commission
    • Versions prior to V2.22
  • StruxureWare Data Center Expert
    • Versions prior to V7.9.0
  • Conext™ ComBox
  • Geo SCADA Mobile
  • IGSS Data Server (IGSSdataServer.exe)
    • Versions prior to Version 15.0.0.22139

Threats:

An attacker could exploit these vulnerabilities to carry out the following:

  • Arbitrary code execution
  • Cross-site scripting (XSS)
  • Buffer overflow
  • Authentication Bypass

Best practice and Recommendations:

The CERT team encourages users to review the Schneider Electric security advisory and apply the necessary updates.

Last updated on 16 June, 2022
