March 3, 2022
CISA issued ICS Advisory (ICSA-22-055-03) on February 24, 2022, regarding Schneider Electric Easergy P5 and P3 Hard-coded Credentials and Classic Buffer Overflow vulnerabilities. Successful exploitation of these vulnerabilities may disclose device credentials, cause a denial-of-service condition, program crashes and arbitrary code execution, device reboot, or allow an attacker to gain full control of the relay. This could result in loss of protection to the electrical network.
Schneider Electric recommends that Easergy P5 users upgrade to version 01.401.101 and Easergy P3 users upgrade to version 30.205, and that all users follow industry cybersecurity best practices. Users who choose not to apply the updated versions should immediately disable the product's GOOSE service to reduce the risk of exposure. If GOOSE is needed for the application, use it only in a secure local area network.
CISA Advisory: ICS Advisory (ICSA-22-055-03) Schneider Electric Easergy P5 and P3
CISA Best Practices: Control Systems Security Recommended Practices
CISA’s Defense Strategies: Improving ICS Cybersecurity with Defense-in-Depth Strategies
Schneider Electric’s Security Notifications: SEVD-2022-011-03, SEVD-2022-011-04
Schneider Electric Best Practices: Recommended Cybersecurity Best Practices