IKT Asset
AICybersecurityVulnerabilitiesSchneider ElectricRockwell Automation

Schneider Electric and Rockwell Automation: Important Security Updates for Critical Infrastructures

Current security vulnerabilities in products from Schneider Electric and Rockwell Automation require urgent risk mitigation actions.

Introduction

In recent weeks, several security vulnerabilities have been published in products from Schneider Electric and Rockwell Automation. These vulnerabilities affect critical infrastructures and require immediate attention.

Schneider Electric: Security Vulnerabilities in Easergy and EcoStruxture

Schneider Electric has identified security vulnerabilities in its Easergy, EcoStruxture, PowerLogic, and Saitel products that could lead to unauthorized access. The affected products include:

  • Easergy MiCOM C264, P139, P437, P439, P532, P539, P631, P632, P633, P634
  • EcoStruxure Power Automation System Gateway
  • PowerLogic P5 and P7

Recommended Actions

Schneider Electric has released several updates to address these vulnerabilities. It is recommended to install the latest versions of the affected products and enhance network security through firewalls and access controls.

Rockwell Automation: FactoryTalk Historian Site Edition

Rockwell Automation has also identified vulnerabilities in its FactoryTalk Historian Site Edition. These vulnerabilities could lead to a denial-of-service attack or bypass authentication.

Affected Versions

  • FactoryTalk Historian SE 11

Recommended Actions

Customers should apply the latest patches and follow security best practices to protect their systems. Rockwell Automation recommends automatically restarting services and restricting access to critical ports.

Conclusion

Identifying and addressing security vulnerabilities is crucial for protecting critical infrastructures. Organizations should take proactive measures to secure their systems and follow the recommendations of the vendors.