Schneider Electric and Rockwell Automation: Critical Security Vulnerabilities in ICS Products
Schneider Electric and Rockwell Automation have reported critical security vulnerabilities in their products that could lead to serious security risks.
Schneider Electric and Rockwell Automation: Critical Security Vulnerabilities in ICS Products
Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products
According to a recent announcement from Schneider Electric, several products, including Easergy and EcoStruxture, are affected by a security vulnerability that could lead to unauthorized access. The vulnerable versions include:
- Easergy MiCOM C264 up to D7.33
- EcoStruxure Power Operation up to 2024_CU2
The vulnerability (CVE-2026-4827) results from insufficient entropy, meaning attackers may exploit weaknesses in session management. Schneider Electric recommends promptly updating affected products to minimize risk.
Rockwell Automation FactoryTalk Historian Site Edition
Rockwell Automation has also reported multiple security vulnerabilities in its FactoryTalk Historian Site Edition. The affected versions include:
- FactoryTalk Historian SE 11
These vulnerabilities (CVE-2025-13036, CVE-2025-44019, and CVE-2025-36539) could allow attackers to obtain valid authentication tokens or crash the system. Rockwell Automation advises users to update their systems or follow recommended security practices.
Recommendations for Risk Mitigation
Both companies have issued recommendations for mitigating risks, including:
- Isolating control systems behind firewalls.
- Using secure methods for remote access, such as VPNs.
It is crucial for organizations to take proactive measures to secure their ICS assets to prevent potential attacks.