ICSA-24-326-05  ·  Published 2024-11-12

Schneider Electric EcoStruxure IT Gateway

CVSS 9.8 CRITICAL

CVEs (1)

Remediations

  • Version 1.23.1.10 of EcoStruxure™ IT Gateway includes a fix for this vulnerability and is available for download here: https://community.se.com/t5/What-s-new-inEcoStruxure-IT/Download-the-EcoStruxure-ITGateway/ta-p/455022
      • Instructions provided in the link above.
      • We encourage customers to enable automatic updates to receive updates promptly.
      • Customers who have enabled automatic updates do not need to take any further action.
    Prior versions are not impacted by this vulnerability.
  • If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: Customers should protect the Gateway from remote access by controlling access to the software over a network. The following actions could be taken:
      • Placing the Gateway software on protected access-controlled networks only.
      • Implementing a local firewall to deny remote access to the web API.
      • Removing the Gateway software and installing a clean build of 1.23.1.10.

Affected Vendors

Schneider Electric

Affected Products (5)

Schneider Electric · EcoStruxure™ IT Gateway 1.21.0.6
Schneider Electric · EcoStruxure™ IT Gateway 1.22.0.3
Schneider Electric · EcoStruxure™ IT Gateway 1.22.1.5
Schneider Electric · EcoStruxure™ IT Gateway 1.23.0.4
Schneider Electric · EcoStruxure™ IT Gateway 1.23.1.10

Affected Sectors

Commercial Facilities, Information Technology, Healthcare and Public Health, Critical Manufacturing, Transportation Systems, Energy, Chemical
