
[CIVN-2026-0321] Multiple Vulnerabilities in Schneider Electric
Multiple Vulnerabilities in Schneider Electric
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Schneider Electric EcoStruxure™ IT Data Center Expert (Formerly known as StruxureWare Data Center Expert) Version 9.1.1 and prior
Schneider Electric EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller Version 11.06.31 and prior
Schneider Electric Saitel DP Remote Terminal Unit & Controller Version 11.06.37 and prior
Schneider Electric PowerLogic™ P7 Version V02.003.001.000 and prior
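An added example, not part of the CERT-In advisory or any Schneider Electric tooling: a Python check that triages an asset inventory against the "and prior" version ceilings listed above. The short product keys, the sample inventory, and the choice to compare dotted version components numerically (so 11.6.37 equals 11.06.37) are assumptions made for this illustration.

```python
import re

# "<version> and prior" ceilings copied from the Software Affected list above.
# The short product keys are labels chosen for this example.
AFFECTED_CEILINGS = {
    "EcoStruxure IT Data Center Expert": "9.1.1",
    "EasyLogic T150": "11.06.31",
    "Saitel DP": "11.06.37",
    "PowerLogic P7": "V02.003.001.000",
}

def parse_version(text):
    """Turn '11.06.31' or 'V02.003.001.000' into a tuple of ints; None if malformed."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(product, installed):
    """True/False against the advisory ceiling; None means a person must check."""
    ceiling = AFFECTED_CEILINGS.get(product)
    have = parse_version(installed)
    if ceiling is None or have is None:
        return None  # product not in this advisory, or version string unreadable
    limit = parse_version(ceiling)
    # Pad with zeros so that '9.1' is compared as 9.1.0 (assumption).
    width = max(len(have), len(limit))
    have += (0,) * (width - len(have))
    limit += (0,) * (width - len(limit))
    return have <= limit

def triage(inventory):
    """inventory: iterable of (asset, product, version) -> list of (asset, verdict)."""
    labels = {True: "AFFECTED", False: "above affected range", None: "REVIEW MANUALLY"}
    return [(a, labels[is_affected(p, v)]) for a, p, v in inventory]

# Constructed sample inventory: asset names and installed versions are made up.
SAMPLE_INVENTORY = [
    ("dce-01", "EcoStruxure IT Data Center Expert", "9.1"),
    ("rtu-07", "EasyLogic T150", "11.06.32"),
    ("rtu-12", "Saitel DP", "11.6.37"),
    ("relay-3", "PowerLogic P7", "v02.003.001.000"),
    ("relay-4", "PowerLogic P7", "unknown"),
]

if __name__ == "__main__":
    for asset, verdict in triage(SAMPLE_INVENTORY):
        print(f"{asset}: {verdict}")
```

A verdict of "above affected range" only means the version is higher than the ceiling in this advisory; the fixed versions themselves are given in the vendor notices under Solution.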
Overview
Multiple vulnerabilities have been reported in Schneider Electric products, which could be exploited by an attacker to obtain sensitive information, gain unauthorized access, execute arbitrary OS commands, or cause Denial of Service (DoS) conditions on the targeted system.
Target Audience:
All organizations and individuals using the affected Schneider Electric products.
Risk Assessment:
High risk of unauthorized access, exposure of sensitive information, service unavailability.
Impact Assessment:
Potential for sensitive information disclosure, disruption of services, system compromise.
Description
Schneider Electric develops products and solutions for energy management and industrial automation, used across various sectors including residential, commercial, and industrial applications.
Multiple vulnerabilities have been reported in Schneider Electric products due to improper restriction of XML external entity reference, insufficiently protected credentials, incorrect permission assignment for critical resource, NULL pointer dereference, OS command injection, and reachable assertion issues.
Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information, gain unauthorized access, execute arbitrary OS commands, or cause Denial of Service (DoS) conditions on the targeted system.
Solution
Apply appropriate security updates as mentioned in:
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-01.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-03.pdf
Vendor Information
Schneider Electric
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications/
References
Schneider Electric
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-01.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-03.pdf
CVE Name
CVE-2026-8045
CVE-2026-9650
CVE-2026-9651
CVE-2026-9716
CVE-2026-9717
CVE-2026-9718
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


