Your review has been sent successfully

Schneider Electric Alert

2596
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Most Viewed Warnings

Dell EMC Alert

● Critical

F5 Alert

● High

IBM Alert

● Critical

Fortinet Alert

● High

Red Hat Alert

● High

حملات تصيدية تستهدف مايكروسوفت تيمز (Microsoft Teams)

● High

Warning Date

Severity Level

Warning Number

Target Sector

11 April, 2023

● Critical

2023-5536

All

Description:

Schneider Electric has released security update to address several vulnerabilities in the following products:

  • PacDrive 3 Controllers: LMC Eco/Pro/Pro2
  • PacDrive Controller LMC078
  • Modicon Controller M241
  • Modicon Controller M251
  • Modicon Controller M262
  • Modicon Controller M258
  • Modicon Controller LMC058
  • Modicon Controller M218
  • HMISCU Controller
  • InsightHome, InsightFacility and Conext™ Gateway (Discontinued in 2019)
    • v1.16 Build 004 and prior
  • EcoStruxure™ Control Expert
    • Versions V15.1 and above
  • APC Easy UPS Online Monitoring Software
    • V2.5-GA-01-22320 and prior (Windows 10, 11 Windows Server 2016, 2019, 2022)
  • Schneider Electric Easy UPS Online Monitoring Software
    • V2.5-GS-01-22320 and prior (Windows 10, 11 Windows Server 2016, 2019, 2022)
  • Modicon M340 CPU (part numbers BMXP34*)
    • Versions prior to SV3.51
  • Modicon M580 CPU (part numbers BMEP* and BMEH*)
    • Versions prior to V4.10
  • Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)
  • Modicon Momentum Unity M1E Processor (171CBU*)
  • Modicon MC80 (BMKC80)
  • Legacy Modicon Premium CPUs (TSXP57*)
Threats:

An attacker could exploit these vulnerabilities by doing the following:

  • Unauthenticated Remote Code Execution
  • Denial of Service (DoS)
  • Sensitive Information disclosure
  • Improper Input Validation
Best practice and Recommendations:

The CERT team encourages users to review Schneider Electric security advisory and apply the necessary updates:

  • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-01.pdf&_ga=2.243671429.1006116168.1681204522-9249104.1681204522
  • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-02.pdf&_ga=2.206374035.1006116168.1681204522-9249104.1681204522
  • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-03.pdf&_ga=2.206374035.1006116168.1681204522-9249104.1681204522
  • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf&_ga=2.206374035.1006116168.1681204522-9249104.1681204522
  • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf&_ga=2.13034807.1006116168.1681204522-9249104.1681204522
Last updated at 11 April, 2023

Rate the content

rate-icon
up icon