Schneider Electric Alert

Your review has been sent successfully

Schneider Electric Alert

3526

Classification

Security Alert

● Critical

● High

● Medium

● Low

Warning Date

Severity Level

Warning Number

Target Sector

10 May, 2022

● High

2022-4797

All

Description:

Schneider Electric has released security alerts to address several vulnerabilities in the following products:

Saitel DP RTU
Firmware from Baseline_09.00.00 to Baseline_11.06.23
Wiser Smart, EER21000
V4.5 and prior
Wiser Smart, EER21001
V4.5 and prior
Easergy C5x (C52/C53) Versions prior to 1.0
Easergy MiCOMP30 range, model P439 Versions 660 - 674
Easergy P5 Versions 01.401.101 and prior
EPC3000 V5.10 firmware version and prior
Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family and prior
Easy Harmony GXU (HMIGXU Series) Vijeo Designer Basic V1.2 family and prior
Eurotherm E+PLC100 All Versions
Eurotherm E+PLC400 1.3.0.1 and prior
Eurotherm Eycon 10/20 Visual Supervisor V7.2 and prior
Eurotherm T2550 PAC V8.1 and prior
Eurotherm T2750 PAC V6.2 and prior
Harmony/ Magelis HMIGTU Series HMIGTUX Series HMIGK Series Vijeo Designer V6.2 SP11 Hotfix 3 and prior
HMISCU Vijeo Designer V6.2 SP11 and prior
MiCOM C264 B5.x up to B5.118 D1.x up to D1.92 D4.x up to D4.38 D5.x up to D5.25I D6.x up to D6.18
JACE-8000 All TAC I/A Series Niagara Framework® platforms prior to Niagara 4.8 are impacted
Modicon M241/M251 Logic Controllers Firmware version 5.1.9.34 and prior
Modicon M262 Logic Controllers Firmware version 5.1.6.1 and prior
Modicon M258/ LMC058 Logic Controllers Firmware versions prior than 5.0.4.18
Modicon M340 CPU (BMXP34*) V3.40 and prior
Modicon Quantum CPU and Communication Modules All Versions
Modicon Premium CPU and Communication Modules All Versions
nanodac V9.01 firmware version and prior
PacDrive Eco/Pro/Pro2 Logic Controllers Firmware versions prior to V1.66.5.1
PacDrive M All Versions
PowerLogic ION7400 Firmware V3.0.0 and prior
PowerLogic PM8000 Firmware V3.0.0 and prior
PowerLogic ION9000 Firmware V3.0.0 and prior
Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 and prior
SCD6000 Industrial RTU Version SCD6000 SY1101211_M and prior
SAGE RTU CPU C3414 All versions prior to C3414-500- S02K5_P5
BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 All versions
BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 All versions
BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300, All versions
BMENOP0300, BMXNOR0200 All versions
BMXNOM0200 All versions
Easergy MiCOM P30 range, models: C434, P132, P139, P433, P435, P437, P532, P631, P632, P633, P634, Px36/8. Versions 660 - 674
Easergy MiCOM P40 All versions
EPC2000 All versions
EPack All versions
HMISTO Series HMISTU/S5T Series All versions
Modicon LMC078 All versions
Modicon M580 CPU (BMEP* and BMEH*), BMXNOM0200 All versions
Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*), V1.50 All versions
Momentum ENT (170ENT11*) All versions
Pro-face GP4000 Series, LT4000M Series, GP4000H Series All versions
Pro-face GP4100 Series, GP4000E Series, GP4000M Series All versions
TCSEGPA23F14F, BMECXM0100 All versions
Versadac All versions
6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ All Versions
Network Management Card 2 (NMC2)
Network Management Card 3 (NMC3)
NMC embedded
SMT Series
SMC Series
SCL Series
SMX Series
SRT Series
SRTL Series: SRTL1000RMXLI, SRTL1000RMXLI-NC SRTL1500RMXLI, SRTL1500RMXLI-NC SRTL2200RMXLI, SRTL2200RMXLI-NC SRTL3000RMXLI, SRTL3000RMXLI-NC
SRC Series
XU Series
Wiser Smart, EER21000 V4.5 and prior
Wiser Smart, EER21001 V4.5 and prior

Threats:

Attacker could exploit these vulnerabilities by doing the following:

Denial of service attack (DoS)
Arbitrary code execution
Cross-site scripting (XSS)

Best practice and Recommendations:

The CERT team encourages users to review Schneider Electric security advisory and apply the necessary updates:

Last updated at 10 May, 2022

Schneider Electric Alert

Classification

Most Viewed Warnings