[Control systems] Schneider Electric security advisory

From: Canadian Centre for Cyber Security

Number: AV21-632
Date: 14 December 2021

On 14 December 2021 Schneider Electric published Security Notifications to address vulnerabilities in multiple products. Included were updates for the following:

  • APC Rack PDU products – multiple products and versions
  • EcoStruxure Power Monitoring Expert – version 9.0 and prior
  • EVlink – multiple products and versions
  • IGSS Data Collector – version V15.0.0.21320 and prior
  • Apache Log4j Vulnerability

Exploitation of these vulnerabilities could result in unauthorized access, execution of malicious web code, remote code execution, denial of service and information disclosure.

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

Apache Log4j Vulnerability
https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01

Schneider Electric Cybersecurity Support Portal
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: