Summary
Schneider Electric has fixed new vulnerabilities in some of its products, including SCADA products. Among them are one rated “critical” and two rated “high” in some products of the SAGE RTU (Remote Terminal Unit) series.
Risk
Estimate of the impact of the vulnerability on the reference community: HIGH/ORANGE (74.42/100)¹.
Type
- Arbitrary File Write
- Authentication Bypass
- Data Manipulation
Affected products and/or versions
Sage (version C3414-500-S02K5_P8 and earlier):
- 1410
- 1430
- 1450
- 2400
- 3030 Magnum
- 4400
Mitigation Actions
In line with the vendor's statements, it is recommended to update vulnerable products by following the instructions in the security bulletin listed in the References section.
Unique Vulnerability Identifiers
The following are the CVEs related to the vulnerabilities with severity “critical” and “high”:
References
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp
¹ This estimate takes several parameters into account, including: CVSS, availability of patches/workarounds and PoC, and how widespread the affected software/devices are in the reference community.