ICSA-21-168-01
·
Published 2021-06-17
Schneider Electric Enerlin'X Com'X 510
CVSS 8.5
HIGH
Risk Summary
Successful exploitation of this vulnerability could allow elevation of privileges, which could result in unintended disclosure of device configuration information to any authenticated user.
CVEs (1)
Remediations
- If the Guest account password on the device remains set to the default value, users should immediately change the account password to one that is unique and has a strong value.
- Users who have configured their Com'X 510 device to access remote SMTP, FTP, or HTTPS services should immediately change access passwords on the affected services and update the Com'X configuration.
- To further reduce the risk, apply v6.8.4 or later of the Enerlin'X Com'X 510 firmware.
- For additional information on this vulnerability, see Schneider Electric's security notification SEVD-2021-159-06.
Affected Vendors
Schneider Electric Software, LLC
Affected Products (1)
- Schneider Electric Software, LLC · Enerlin'X Com'X 510 · versions < 6.8.4
Affected Sectors
Energy