Number: AV22-067
Date: 9 February 2022
On 8 February 2022 Schneider Electric published Security Notifications to highlight vulnerabilities in the following products:
- ClearSCADA – all versions
- Easergy P40 series – multiple products, all PX4X firmware versions
- EcoStruxure EV Charging Expert – versions prior to SP8 (Version 01) v4.0.0.13
- EcoStruxure Geo SCADA Expert 2019 and 2020 – all versions
- fellerLYnk – version v2.6.2 and prior
- Harmony/Magelis IPC Series – all versions
- IGSS Data Server – version V15.0.0.22020 and prior
- spaceLYnk – version v2.6.2 and prior
- Vijeo Designer – versions prior to v6.2 SP11 Multiple Hotfix 4
- Vijeo Designer Basic – versions prior to v1.2.1
- Wiser for KNX – version v2.6.2 and prior
Exploitation of these vulnerabilities could result in unauthorized access, remote code execution, denial of service, information disclosure, data modification and credential disclosure.
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.
Schneider Electric Cybersecurity Support Portal