There are no events scheduled
This browser is not supported.
NPCC Security Bulletin: CISA Advisory: Schneider Electric Easergy P5 and P3 Hard-coded Credentials and Classic Buffer Overflow Vulnerabilities
March 3, 2022
CISA Advisory: Schneider Electric Easergy P5 and P3 Hard-coded Credentials and Classic Buffer Overflow Vulnerabilities
CISA issued ICS Advisory (ICSA-22-055-03) on February 24, 2022 regarding Schneider Electric Easergy P5 and P3 Hard-coded Credentials and Classic Buffer Overflow vulnerabilities. Successful exploitation of these vulnerabilities may disclose device credentials, cause a denial-of-service condition, program crashes and arbitrary code execution, device reboot, or allow an attacker to gain full control of the relay. This could result in loss of protection to the electrical network.
Schneider Electric recommends users using Easergy P5 to upgrade to version 01.401.101 and users using Easergy P3 to upgrade to version 30.205 and follow industry cybersecurity best practices. If users choose not to apply the updated versions, they should immediately disable the GOOSE service of the product to reduce the risk of exposure. If GOOSE is needed for the application, use it only in a secure local area network.
CISA Best Practices: Control Systems Security Recommended Practices
CISA’s Defense Strategies: Improving ICS Cybersecurity with Defense-in-Depth Strategies
Schneider Electric Best Practices: Recommended Cybersecurity Best Practices
DOWNLOAD ATTACHMENT 1
NPCC Fall 2022 Hybrid (in-person and webinar) Compliance and Reliability Conference
September 23, 2022
Milovan Blair named Chairman of the Board of Directors
September 07, 2022