Schneider Electric Trio Q Licensed Data Radio

CVSS 6.8 MEDIUM

CVEs (3)

CVE-2025-2440 CVE-2025-2441 CVE-2025-2442

Version v2.7.2 of the TRIO™ Q Data Radio firmware includes fixes for the identified vulnerabilities and is available for download here: https://www.se.com/ww/en/product-range/61419-trio-licensed-radios/#software-andfirmware Instructions should be followed from Section 10 Part J – Firmware Updating and Maintenance in the Trio Q Series Data Radio User Manual This section provides information on how to download, install, and verify the new firmware version.
If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: • Trio™ Data Radios should be installed in a secure location to prevent physical access by unauthorized personnel and securely disposed when decommissioned. • Firmware loaded in Trio™ Data Radios should be confirmed using the hash published with the release notes and following the instructions in Section 10 Part J – Firmware Updating and Maintenance in the Trio Q Series Data Radio User Manual This section provides information on how to download, install, and verify the new firmware version.

Schneider Electric

Schneider Electric · Trio™ Q Licensed Data Radio <2.7.2

Schneider Electric · Trio™ Q Licensed Data Radio 2.7.2

Commercial Facilities, Critical Manufacturing, Energy

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.