Critical Vulnerabilities Uncovered in Schneider Electric RTUs: A Threat to Industrial Control Systems
Two significant vulnerabilities, **CVE-2026-9650** and **CVE-2026-9651**, have been identified in **Schneider Electric EasyLogic T150** and **Saitel DP Remote Terminal Units (RTUs)**. These flaws could allow unauthorized access and sensitive information exposure, posing a substantial risk to critical infrastructure sectors worldwide.
Industrial control systems (ICS) are once again in the spotlight as new vulnerabilities in **Schneider Electric** RTUs raise concerns for critical infrastructure. The identified flaws could allow attackers to gain unauthorized access to credentials and compromise devices, emphasizing the need for robust cybersecurity measures in operational technology (OT) environments.
## Understanding the Vulnerabilities
**Schneider Electric EasyLogic T150** (formerly **Saitel DR**) and **Saitel DP RTUs** are affected by two distinct vulnerabilities:
### CVE-2026-9650: Insufficiently Protected Credentials
This vulnerability, classified as **CWE-522**, stems from insufficiently protected credentials stored within the firmware or system files. An unauthenticated attacker could access these credentials, potentially leading to unauthorized access and exposure of sensitive information. With physical access to the device, an attacker could then compromise it.
**Affected Product Versions:**
* **Schneider Electric EasyLogic T150** Remote Terminal Unit & Controller: `<=11.06.30`
* **Schneider Electric Saitel DP** Remote Terminal Unit & Controller: `<=11.06.35`
### CVE-2026-9651: Incorrect Permission Assignment for Critical Resource
Categorized as **CWE-732**, this vulnerability involves incorrect permission assignments for critical system resources. An attacker with privileged local access could read improperly protected system files, leading to the unauthorized disclosure of password hashes and potential account compromise.
**Affected Product Versions:**
* **Schneider Electric EasyLogic T150** Remote Terminal Unit & Controller: `<=11.06.31`
* **Schneider Electric Saitel DP** Remote Terminal Unit & Controller: `<=11.06.37`
Both vulnerabilities carry a **CVSS v3 score of 7.5**, indicating a high severity risk.
## Impact on Critical Infrastructure
These RTUs are widely deployed globally in critical manufacturing and energy sectors. Successful exploitation could disrupt operations, compromise data integrity, and potentially lead to significant safety and environmental consequences. The potential for unauthenticated access to credentials makes **CVE-2026-9650** particularly concerning, as it lowers the bar for initial system penetration.
## Acknowledgments
**Dick Brooks** of **Business Cyber Guardian** reported **CVE-2026-9650** to **Schneider Electric**. **CVE-2026-9651** was reported to **CISA** by an internal researcher at **Schneider Electric**.
## Recommended Practices for Mitigation
**CISA** urges organizations to implement defensive measures to minimize exploitation risks. Key recommendations include:
* **Minimize Network Exposure:** Ensure all control system devices and systems are not directly accessible from the internet.
* **Network Segmentation:** Isolate control system networks and remote devices behind firewalls, separating them from business networks.
* **Secure Remote Access:** Utilize Virtual Private Networks (**VPNs**) for remote access, ensuring they are updated to the latest versions and are as secure as the connected devices.
* **Impact Analysis and Risk Assessment:** Conduct thorough analyses before deploying any defensive measures.
* **Defense-in-Depth Strategies:** Implement comprehensive cybersecurity strategies for proactive defense of ICS assets.
Organizations are also advised to be vigilant against social engineering attacks, avoiding suspicious links or attachments in unsolicited emails. While no public exploitation of these specific vulnerabilities has been reported to CISA, proactive defense is crucial.
## Staying Ahead of Threats
The disclosure of these vulnerabilities underscores the ongoing challenges in securing industrial control systems. As the convergence of IT and OT continues, the need for stringent security practices, regular patching, and continuous monitoring becomes paramount for protecting critical infrastructure from evolving cyber threats.