ICSA-20-205-01 · Published 2020-07-23
Schneider Electric Triconex TriStation and Tricon Communication Module
CVSS 10.0 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities may allow an attacker to view clear text data on the network, cause a denial-of-service condition, or allow improper access.
Remediations
- Schneider Electric released TriStation v4.9.1 and v4.10.1 on May 30, 2013, and v4.13.0 on January 26, 2015, to address these issues. Tricon v10.5.0 was released on August 13, 2009, and v10.5.4 on February 2, 2012, to address the issues.
- Schneider Electric notified customers of updated product availability via direct-to-customer notification and fixed versions of these offers are available for download here.
- Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
- Install physical controls so no unauthorized personnel can access industrial control and safety systems, components, peripheral equipment, and networks.
- Place all controllers in locked cabinets and never leave them in the “Program” mode.
- Scan all methods of mobile data exchange with the isolated network, such as CDs, USB drives, etc., before use in the terminals or nodes connected to these networks.
- Never allow laptops that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.
- Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.
- When remote access is required, use secure methods such as virtual private networks. Recognize that VPNs may have vulnerabilities and should therefore be updated to the most current version available. Also recognize that VPNs are only as secure as the connected devices.
- Schneider Electric continues to recommend users always implement the instructions in the “Security Considerations,”
- Ensure the cybersecurity features in Triconex solutions are always enabled.
- Always deploy safety systems on isolated networks.
- Secure all TriStation engineering workstations and never connect to any network other than the safety network.
- Configure operator stations to display an alarm whenever the Tricon key switch is in the “PROGRAM” mode.
- Please see the Schneider Electric Security Bulletin - SESB-2020-105-01 for more details of these vulnerabilities in legacy Triconex products.
Affected Vendors
Schneider Electric Software, LLC
Affected Products (2)
- Schneider Electric Software, LLC · TriStation 1131: >= 1.0. | <= 4.9.0 | 4.10.0 | 4.12.0
- Schneider Electric Software, LLC · Tricon Communications Module (TCM) Models 4351, 4352, 4351A/B and 4352A/B installed in Tricon: >= 10.0 | <= 10.5.3
Affected Sectors
Multiple Sectors