Schneider Electric Alert

Classification
These posts contain security alerts, including digital loopholes, electronic attacks, and technical updates, and they are classified based on the level of severity.

Critical

High

Medium

Low

Warning Date: 10 March, 2022
Severity Level: High
Warning Number: 2022-4509
Target Sector: All

Description:

Schneider Electric has released security alerts to address several vulnerabilities in the following products:

  • EcoStruxure™ Control Expert (All versions including former Unity Pro)
  • EcoStruxure™ Process Expert (All versions including former HDCS)
  • SCADAPack RemoteConnect™ for x70 (All versions)
  • EcoStruxure™ Process Expert (V2021 and prior)
  • EcoStruxure™ Control Expert (V15.0 SP1 and prior)
  • APC Smart-UPS Family and SmartConnect Family (see Security Notification for affected series and versions)
  • Ritto Wiser™ Door (All versions)
  • EcoStruxure™ Process Expert (All versions prior to V2021)
  • EcoStruxure™ Control Expert (V15.1, V15.0 SP1, All versions prior to V15.0 SP1 including all versions of Unity Pro)
  • EcoStruxure™ Process Expert (V2021, All versions including all versions of EcoStruxure Hybrid DCS)
  • Modicon M580 CPU (All versions - part numbers BMEP* and BMEH*)
  • Modicon M340 CPU (All versions - part numbers BMXP34*)
  • IGSS Data Server: IGSSdataServer.exe (V15.0.0.22020 and prior)
  • EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML (All Versions prior to SP8 (Version 01) V4.0.0.13)
  • Easergy P40 Series model numbers with Ethernet option bit as Q, R, S (All PX4X firmware versions)
  • spaceLYnk (V2.6.2 and prior)
  • Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior)
  • fellerLYnk (V2.6.2 and prior)
  • ClearSCADA (All Versions)
  • EcoStruxure GeoSCADA Expert 2019 (All Versions)
  • Harmony/Magelis iPC Series (All Versions)
  • Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4)
  • Vijeo Designer Basic (All Versions prior to V1.2.1)
  • M241/M251 (All Versions)
  • EcoStruxure Machine Expert (All Versions)
  • Harmony/Magelis HMISTU Series, HMIGTO Series, HMIGTU Series, HMIGTUX Series, HMIGK Series, HMISCU Series, Vijeo Designer (V6.2 SP11 Hotfix 3 and prior)
  • Eurotherm E+PLC100 (All Versions)
  • Eurotherm E+PLC400 (All Versions)
  • Eurotherm E+PLC tools (All Versions)
  • Easy Harmony ET6 HMIET Series (Vijeo Designer Basic V1.2.1 and later)
  • Easy Harmony GXU HMIGXU Series (Vijeo Designer Basic V1.2.1 and later)
  • Lexium ILE ILA ILS firmware version (V01.103 and prior)
  • Altivar 32/320/340/600/900 Profinet Communication Module (All Versions)
  • Altivar 32/320 and Lexium 32 Ethernet TCP/IP Communication Module (All Versions)
  • Altivar 61/71 Profinet - Communication Card (All Versions)

Threats:

An attacker could exploit these vulnerabilities to do the following:

  • Authentication bypass
  • Buffer overflow
  • Execute Arbitrary Code

Best practice and Recommendations:

The CERT team encourages users to review the Schneider Electric security advisory and apply the necessary mitigations and updates when available:

Last updated at 10 March, 2022
