Schneider Electric and Rockwell Automation: Security Vulnerabilities in Critical Systems
Schneider Electric and Rockwell Automation have identified several security vulnerabilities in their products. These vulnerabilities could pose significant risks to critical infrastructures.
Introduction
In today's digital landscape, security vulnerabilities in critical infrastructures are a major concern. Schneider Electric and Rockwell Automation have recently reported several vulnerabilities in their products that could potentially lead to serious security risks.
Schneider Electric: Vulnerabilities in Easergy and EcoStruxure
Schneider Electric has identified vulnerabilities in its Easergy, EcoStruxure, PowerLogic, and Saitel products. In particular, this affects the PowerChute™ Serial Shutdown software, which exhibits insufficient input validation. The affected versions include:
- Easergy MiCOM C264 up to D7.33
- EcoStruxure Power Operation up to 2024_CU2
The CVE number for this vulnerability is CVE-2026-4827. Using these vulnerable versions could lead to unauthorized access to system data.
Remediation Recommendations
Schneider Electric recommends updating to the latest versions of the affected products to address the security vulnerabilities. This includes:
- Version D7.34 for MiCOM C264
- Version 1.1.18 for Easergy C5
Rockwell Automation: Security Issues in FactoryTalk Historian
Rockwell Automation has also discovered critical security vulnerabilities in its FactoryTalk Historian Site Edition software. The vulnerabilities allow attackers to obtain valid authentication tokens or perform denial-of-service attacks. Affected versions include:
- FactoryTalk Historian SE 11
The relevant CVEs are CVE-2025-13036, CVE-2025-44019, and CVE-2025-36539. These vulnerabilities can lead to denial of service and potential data loss.
Remediation Recommendations
Rockwell Automation recommends upgrading the software to the latest versions and following best security practices to mitigate risks.
Conclusion
Identifying and addressing security vulnerabilities in critical infrastructures is of utmost importance. Organizations should take proactive measures to protect their systems and implement security updates promptly. For more information on security practices, visit the websites of Schneider Electric and Rockwell Automation.