[Control systems] Schneider Electric security advisory (AV22-025)

Number: AV22-025
Date: 14 January 2022

On 11 January 2022 Schneider Electric published Security Notifications to highlight vulnerabilities in the following products:

  • Modicon M340 – multiple models and versions
  • Easergy products – multiple models and firmware versions
  • ConneXium Tofino Firewall - multiple models and versions
  • CODESYS V3 Runtime, Development System and Gateway – multiple products and versions
  • EcoStruxure Power Monitoring Expert – version 2020 and prior

Exploitation of these vulnerabilities could result in unauthorized access, arbitrary code execution, denial of service, information disclosure, data modification and credential disclosure.

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.

Schneider Electric Cybersecurity Support Portal

Report a problem on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: