CISA has issued an industrial control systems advisory covering two vulnerabilities in Schneider Electric’s EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Terminal Units and Controllers. Both product lines are widely deployed in critical manufacturing and energy sectors worldwide, raising the operational stakes for unpatched devices.
Vulnerabilities
The advisory identifies two distinct weaknesses:
- CVE-2026-9650 (CWE-522, Insufficiently Protected Credentials): An unauthenticated attacker can access credentials stored within firmware or system files without any prior authentication. CVSS v3.1 scores this 7.5 (High); CVSS v4.0 rates it 8.7 (High). Physical access to the device would allow an attacker who obtains these credentials to subsequently compromise the unit entirely. Affected versions are EasyLogic T150 firmware 11.06.30 and earlier, and Saitel DP firmware 11.06.35 and earlier.
- CVE-2026-9651 (CWE-732, Incorrect Permission Assignment for Critical Resource): An attacker with privileged local access can read improperly protected system files, leading to unauthorized disclosure of password hashes and potential account compromise. Affected versions are EasyLogic T150 firmware 11.06.31 and earlier, and Saitel DP firmware 11.06.37 and earlier.
Impact and Scope
The first flaw is remotely exploitable with no authentication, no user interaction, and low attack complexity, making it the more immediately dangerous of the two. The second requires privileged local access, limiting its exposure but still presenting a meaningful risk in environments where multiple operators share device access. Both vulnerabilities affect devices deployed globally across critical infrastructure.
Remediation
Schneider Electric has released patched firmware addressing both CVEs:
- EasyLogic T150: Upgrade to firmware version 11.06.32. A device reboot is required after installation.
- Saitel DP: Upgrade to firmware version 11.06.38. A device reboot is required after installation.
Firmware is not publicly downloadable. Operators must contact Schneider Electric’s Customer Care Center to obtain the updated images. Full technical details are available in Schneider Electric security advisory SEVD-2026-160-02, published by the company’s CPCERT team.
Security teams responsible for OT environments running these RTUs should prioritize patching, particularly given the unauthenticated remote attack vector present in CVE-2026-9650.
