
Posted: 03/02/2022

NPCC Security Bulletin: CISA Advisory: Schneider Electric Easergy P5 and P3 Hard-coded Credentials and Classic Buffer Overflow Vulnerabilities

TLP: WHITE

March 3, 2022

CISA Advisory: Schneider Electric Easergy P5 and P3 Hard-coded Credentials and Classic Buffer Overflow Vulnerabilities

 

CISA issued ICS Advisory ICSA-22-055-03 on February 24, 2022, regarding hard-coded credentials and classic buffer overflow vulnerabilities in Schneider Electric Easergy P5 and P3. Successful exploitation of these vulnerabilities may disclose device credentials; cause a denial-of-service condition, program crashes, arbitrary code execution, or a device reboot; or allow an attacker to gain full control of the relay. This could result in loss of protection to the electrical network.

 

Schneider Electric recommends that Easergy P5 users upgrade to version 01.401.101, that Easergy P3 users upgrade to version 30.205, and that all users follow industry cybersecurity best practices. Users who choose not to apply the updated versions should immediately disable the product's GOOSE service to reduce the risk of exposure. If GOOSE is needed for the application, use it only in a secure local area network.

 

CISA Advisory: ICS Advisory (ICSA-22-055-03) Schneider Electric Easergy P5 and P3

 

CISA Best Practices: Control Systems Security Recommended Practices

 

CISA’s Defense Strategies: Improving ICS Cybersecurity with Defense-in-Depth Strategies

 

Schneider Electric’s Security Notifications: SEVD-2022-011-03, SEVD-2022-011-04

 

Schneider Electric Best Practices: Recommended Cybersecurity Best Practices

 

