Schneider Electric ASCO 5310/5350 Remote Annunciator

CVEs (4)

Remediations

• Schneider Electric is establishing a remediation plan for all future versions of ASCO 5310 Single-Channel Remote Annunciator and ASCO 5350 Eight Channel Remote Annunciator that may include a fix for these vulnerabilities. We will update this document when the remediation is available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit: • Use remote annunciator devices only in a protected environment to minimize network exposure and ensure that they are not accessible from public internet or untrusted networks. • Change default password to help prevent unauthorized access to device settings and information. • Setup network segmentation and implement a firewall to block all unauthorized access to the annunciator port 80/HTTP. • For more details on the ASCO 5310 refer to “Installation Manual | ASCO 5310 ATS Remote Annunciator” which can be found here: https://www.se.com/ww/en/product-range/66129-asco-5310-singlechannelremote-annunciator/-documents • For more details on the ASCO 5350 refer to “Installation Manual | ASCO 5350 ATS Remote Annunciator” which can be found here: https://www.se.com/ww/en/product-range/66130-asco-5350-eight-channelremote-annunciator/-documents To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/security-notifications.jsp

Affected Vendors

Affected Products (2)

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy