ICSA-25-079-02
·
Published 2025-02-11
·
Schneider Electric Enerlin’X IFE and eIFE
CVSS 6.5
MEDIUM
CVEs (3)
Remediations
- Customers should immediately apply the following mitigations to reduce the risk of exploit:
  * Use devices only in a protected environment to minimize network exposure and ensure that they are not accessible from public internet or untrusted networks.
  * Set up network segmentation and implement a firewall to block all unauthorized access to ports supported by the product and listed in the user guide: https://www.se.com/ww/en/download/document/DOCA0084EN/ Configure the Access Control List following the recommendations of the Cybersecurity Guide: https://www.se.com/ww/en/download/document/DOCA0122EN/ and the user guide: https://www.se.com/ww/en/download/document/DOCA0084EN/

  To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric's security notification service here: https://www.se.com/en/work/support/cybersecurity/security-notifications.jsp
- Version 004.010.000 of Enerlin'X IFE and eIFE includes a fix for this vulnerability. Download the latest version of the EcoStruxure Power Commission tool available here: https://www.se.com/ww/en/product-range/62980-ecostruxure-powercommission/#overview to install the latest firmware version of the Enerlin'X IFE and eIFE.
- If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
  * Use devices only in a protected environment to minimize network exposure and ensure that they are not accessible from public internet or untrusted networks.
  * Set up network segmentation and implement a firewall to block all unauthorized access to ports supported by the product and listed in the user guide: https://www.se.com/ww/en/download/document/DOCA0084EN/ Configure the Access Control List following the recommendations of the Cybersecurity Guide: https://www.se.com/ww/en/download/document/DOCA0122EN/ and the user guide: https://www.se.com/ww/en/download/document/DOCA0084EN/

  To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric's security notification service here: https://www.se.com/en/work/support/cybersecurity/security-notifications.jsp
Affected Vendors
Schneider Electric
Affected Products (6)
- Schneider Electric · Enerlin'X IFE interface · vers:all/*
- Schneider Electric · Enerlin'X eIFE · vers:all/*
- Schneider Electric · Enerlin'X IFE interface · <=004.009.000
- Schneider Electric · Enerlin'X eIFE · <=004.009.000
- Schneider Electric · Enerlin'X IFE interface · 004.010.000
- Schneider Electric · Enerlin'X eIFE · 004.010.000
Affected Sectors
Critical Manufacturing, Energy