VDB
SEVD-2023-010-03
SEVD-2023-010-03
PUBLISHED
CVSS 7.5 HIGH
Schneider Electric is aware of a vulnerability in its EcoStruxure™ Power Operation and Power SCADA Operation software EcoStruxure™ Power Operation and EcoStructure™ Power SCADA Operation are on-premises software offers that provides a single platform to monitor and control medium and lower power systems. Failure to apply the remediation provided below may risk loss of communications via the 61850 protocol, which could result in loss of communications to downstream devices and services.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric Power SCADA Operation version 9.0 | ||
| Schneider Electric PowerSCADA Expert version 8.x | ||
| Schneider Electric IEC61850 Driver version 1.08.00.000 | ||
| Schneider Electric Power SCADA Operation 9.0 Contact Support | ||
| Schneider Electric EcoStruxure™ Power Operation 2021 Version 2021, 2021 CU1, 2021 CU2 and 2021 CU3 | ||
| Schneider Electric PowerSCADA Expert 8.x Contact Support | ||
| Schneider Electric EcoStruxure™ Power SCADA Operation 2020 R2 Version 2020 R2 and 2020 R2 CU1, 2020 R2 CU2, and 2020 R2 CU3 | ||
| Schneider Electric EcoStruxure™ Power SCADA Operation 2020 Version 2020 and 2020 CU1 |
Timeline
- Jan 10, 2023 CVE Published
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-03_EcoStruxure_Power_Operation_Power_SCADA_Operation_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2023-010-03.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://community.se.com/t5/EcoStruxure-Power-Operation/IEC61850-Driver-Latest-Release/m-p/150118 fix