ICSA-25-240-03 · Published 2025-08-12
Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
CVSS 6.7 (MEDIUM)
CVEs (1)
Remediations
- HUe Firmware version 11.06.30 includes a fix for this vulnerability and is available for download here: https://se.com/ww/en/product-countryselector/?pageType=productrange&sourceId=62685#software-and-firmware
- Schneider Electric is establishing a remediation plan for the Saitel DP RTU product that will include a fix for this vulnerability. We will update this document when the remediation is available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:
  - Limit physical or console access to trusted users only
  - Enforce password policy (strong password and update password regularly). Password updates can be applied using the EcoStruxure™ Cybersecurity Admin Expert tool, or device webpage.

  Customers should also consider upgrading to the latest product offering PowerLogic™ T500 Substation Controller
- If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
  - Limit physical or console access to trusted users only
  - Ensure that configuration files used by privileged daemons are owned by root, not writable by nonprivileged users, and set to minimum permissions when technically feasible to prevent unauthorized modification.
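One way to check the configuration-file mitigation above on a Unix-like host, as an added example that is not part of the advisory or any Schneider Electric tooling. The directory argument and the trusted-owner parameter are assumptions, since the advisory does not name the configuration paths the privileged daemons read.

```shell
#!/bin/sh
# Added example: audit a directory of daemon configuration files against
# the mitigation "owned by root, not writable by nonprivileged users".
# The directory passed in is an assumption; the advisory lists no paths.
#
# Usage: audit_daemon_configs DIR [OWNER]
#   DIR    directory holding the daemon configuration files
#   OWNER  user name or numeric uid expected to own everything (default root)
# Prints one "reason path" line per finding.
# Returns 0 when clean, 1 when findings exist, 2 when DIR is not a directory.
audit_daemon_configs() {
    dir=$1
    owner=${2:-root}
    if [ ! -d "$dir" ]; then
        echo "audit: not a directory: $dir" >&2
        return 2
    fi
    # Directories are checked as well as files: write access to a directory
    # lets a user replace a file even when the file itself is read-only.
    # Group write is flagged conservatively, because group membership may
    # include nonprivileged accounts. Ancestors of DIR are not examined.
    report=$(
        find "$dir" \( -type f -o -type d \) ! -user "$owner" \
            -exec printf 'wrong-owner %s\n' {} \;
        find "$dir" \( -type f -o -type d \) -perm -0020 \
            -exec printf 'group-writable %s\n' {} \;
        find "$dir" \( -type f -o -type d \) -perm -0002 \
            -exec printf 'world-writable %s\n' {} \;
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}
```

A non-zero return from a scheduled run of this function is a reasonable trigger for an alert, since it means a file or directory no longer matches the hardened state.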
Affected Vendors
Schneider Electric
Affected Products (3)
- Schneider Electric · Saitel DR RTU: <11.06.29
- Schneider Electric · Saitel DR RTU: 11.06.30
- Schneider Electric · Saitel DP RTU: <11.06.34
Affected Sectors
Communications, Critical Manufacturing, Energy, Transportation Systems