SEVD-2020-343-01

Schneider Electric is aware of a vulnerability in its EcoStruxure™ Control Expert product and EcoStruxure™ Process Expert. The EcoStruxure™ Control Expert product is a software to design, diagnose, maintain and update applications for Modicon M340, M580 and M580 Safety, Momentum, Premium, and Quantum PLCs. The EcoStruxure Process Expert DCS (formerly EcoStruxure Hybrid DCS) is a single automation system to engineer, operate, and maintain your entire infrastructure for a sustainable, productive and market-agile plant The RemoteConnect™ product is a Windows-based application based on EcoStruxure™ Control Expert (Unity Pro) software components that provides a programming and configuration environment for the SCADAPack x70 RTU series, which is comprised of the SCADAPack 470, 474, 570, 574 and 575 Smart RTUs. Failure to apply the mitigations provided below may risk opening a malicious file, which could result in crash of the software or unexpected code execution. July 2021 update: Added availability of fix in the version 15.0 SP1 of EcoStruxure Control Expert and added EcoStruxure™ Process Expert and RemoteConnect™ as impacted products.