ICSA-14-006-01
·
Published 2025-06-06
·
View on CISA ICS-CERT ↗
Schneider Electric Telvent SAGE RTU DNP3 Improper Input Validation Vulnerability
CVSS 5.0
MEDIUM
CVEs (1)
Remediations
- Schneider Electric has created a patch to mitigate this vulnerability on the C3414 LX-800-based RTUs using latest VX-works 6.9.3 OS. Customers may obtain this patch by contacting the Schneider Electric Customer Service Department at 713-920-6832.
- For further information, please find a description and release notes in the Schneider Electric RTU Software Security Bulletin number RTUSW 13001 “Schneider Electric Telvent SAGE RTU DNP3 Improper Input Validation” published December 30, 2013. A Schneider Electric customer login account is required to access this bulletin.
- Because this vulnerability is identified with fuzzing tools, the researchers suggest developers use extensive negative testing during quality control of products. The researchers also suggest blocking DNP3 traffic from traversing onto business or corporate networks through the use of an IPS or firewall with DNP3-specific rule sets.
Affected Vendors
Schneider Electric
Affected Products (3)
Schneider Electric
·
Telvent SAGE 3030 remote terminal unit (RTU)
<December_1_2013
Schneider Electric
·
Telvent SAGE 3030
C3413-500-001D3_P4
Schneider Electric
·
Telvent SAGE 3030
C3413-500-001F0_PB
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more