[Control systems] Schneider Electric security advisory (AV26-350)
Analysis Summary
As a vulnerability research specialist, I have summarized the security advisories issued by Schneider Electric (via the Canadian Centre for Cyber Security, AV26-350) regarding critical flaws in industrial control systems and power management software.
# Vulnerability: Multiple Flaws in Schneider Electric Industrial & Power Products
## CVE Details
*Note: Specific CVE IDs for the 2026 advisories were not fully detailed in the summary text; the following are associated with the provided SEVD reports.*
- **CVE ID:** CVE-2026-XXXXX (Multiple IDs associated with SEVD-2026-104-01 through 03)
- **CVSS Score:** Up to 9.8 (Critical)
- **CWE:** CWE-798 (Use of Hard-coded Credentials), CWE-1392 (Third-Party Vulnerabilities), CWE-20 (Improper Input Validation)
## Affected Systems
- **Products:**
  - Easergy MiCOM Px40 Series (Protection Relays)
  - Connexium Managed Switches (TCSESM)
  - Modicon Managed Switches (MCSESM, MCSESP)
  - Modicon Redundancy Switches (MCSESR)
  - PowerChute Serial Shutdown
- **Versions:**
  - Easergy MiCOM: Multiple versions and models
  - Managed Switches: All versions (Connexium and Modicon)
  - PowerChute Serial Shutdown: Version 1.4 and prior
- **Configurations:** Systems utilizing default factory settings or exposed management interfaces (Web/SSH/SNMP).
## Vulnerability Description
Three distinct security issues are addressed:
1. **Hard-coded Credentials:** The Easergy MiCOM Px40 series contains hard-coded credentials that could allow an attacker to gain unauthorized access to the device management interface.
2. **Third-Party Vulnerabilities:** Modicon and Connexium switches are affected by vulnerabilities within integrated third-party software components (likely underlying RTOS or web server components).
3. **Application Logic Flaws:** PowerChute Serial Shutdown contains multiple vulnerabilities, including potential remote code execution or unauthorized configuration changes due to improper input handling.
## Exploitation
- **Status:** Not exploited (No reports of active exploitation in the wild at time of advisory).
- **Complexity:** Low to Medium.
- **Attack Vector:** Network (Most flaws are exploitable via the local or management network).
## Impact
- **Confidentiality:** High (Access to configurations and sensitive telemetry).
- **Integrity:** High (Ability to modify relay settings or switch configurations).
- **Availability:** High (Potential for causing industrial process downtime or improper power shutdown).
## Remediation
### Patches
- **PowerChute Serial Shutdown:** Update to version 1.5 or higher.
- **Easergy MiCOM Px40:** Refer to SEVD-2026-104-03 for specific firmware update paths for affected models.
- **Modicon/Connexium Switches:** Consult the Schneider Electric security portal for specific firmware remediation for each hardware revision.
### Workarounds
- **Network Segmentation:** Isolate management interfaces of switches and relays from the corporate network and the internet.
- **Disable Unused Services:** Disable HTTP, FTP, or Telnet if not strictly required; use HTTPS/SSH where available.
- **Change Default Passwords:** Ensure all user-configurable passwords are changed from factory defaults.
## Detection
- **Indicators of Compromise:** Unusual administrative logins, unauthorized configuration change logs, or unexpected device reboots.
- **Detection Methods and Tools:** Monitor network traffic for unauthorized access to ports 22, 23, 80, 443, and 161 (SNMP) on industrial assets. Use ICS-aware Intrusion Detection Systems (IDS) to flag hard-coded credential usage.
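
One way to implement the port monitoring described above, as an added example that is not part of the advisory or of any Schneider Electric tooling. The asset subnet, the allowlisted jump-host range and the flow-record format are assumptions, and the sample records are constructed.

```python
import csv
import io
import ipaddress

# Management ports named in the Detection section; SNMP (161) is UDP, the rest TCP.
MGMT_PORTS = {("tcp", 22), ("tcp", 23), ("tcp", 80), ("tcp", 443), ("udp", 161)}

# Assumptions for this example: site-specific values, not from the advisory.
ICS_ASSETS = [ipaddress.ip_network("10.20.0.0/24")]        # relays, switches, UPS hosts
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.99.0/28")]  # engineering jump hosts

# Constructed sample flow records: time,src,dst,proto,dport
SAMPLE_FLOWS = """\
2026-04-14T08:01:02Z,10.20.99.5,10.20.0.11,tcp,443
2026-04-14T08:03:40Z,192.168.7.23,10.20.0.11,tcp,23
2026-04-14T08:04:10Z,192.168.7.23,10.20.0.12,udp,161
2026-04-14T08:05:00Z,192.168.7.23,10.20.0.12,tcp,161
2026-04-14T08:06:31Z,10.20.0.12,10.20.0.11,tcp,22
2026-04-14T08:07:00Z,192.168.7.23,172.16.1.9,tcp,22
garbage line
"""

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def find_unauthorized_mgmt_access(flow_text):
    """Return flows that reach a management port on an ICS asset from a
    source outside the allowlist. Malformed records are skipped."""
    alerts = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 5:
            continue
        ts, src, dst, proto, dport = (f.strip() for f in row)
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            key = (proto.lower(), int(dport))
        except ValueError:
            continue
        if key not in MGMT_PORTS or not _in_any(dst_ip, ICS_ASSETS):
            continue
        if _in_any(src_ip, ALLOWED_SOURCES):
            continue
        # Access from another ICS asset (lateral movement) is flagged too.
        alerts.append({"time": ts, "src": src, "dst": dst, "service": f"{key[0]}/{key[1]}"})
    return alerts

if __name__ == "__main__":
    for alert in find_unauthorized_mgmt_access(SAMPLE_FLOWS):
        print(alert)
```

Matching on the protocol as well as the port keeps TCP/161 traffic from being reported as SNMP, and flagging asset-to-asset sessions covers access that never crosses the segmentation boundary.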
## References
- Schneider Electric Security Notifications: hxxps[://]www[.]se[.]com/ww/en/work/support/cybersecurity/security-notifications[.]jsp
- SEVD-2026-104-01 (PowerChute): hxxps[://]download[.]schneider-electric[.]com/files?p_Doc_Ref=SEVD-2026-104-01
- SEVD-2026-104-02 (Managed Switches): hxxps[://]download[.]schneider-electric[.]com/files?p_Doc_Ref=SEVD-2026-104-02
- SEVD-2026-104-03 (Easergy MiCOM): hxxps[://]download[.]schneider-electric[.]com/files?p_Doc_Ref=SEVD-2026-104-03