Schneider Electric Easergy T300

Act Now10ICS-CERT ICSA-20-343-03Dec 8, 2020

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Easergy T300 contains access control weaknesses that could allow an attacker on the network to gain unauthorized access to the device's internal LAN. This could lead to disclosure of sensitive information, denial of service attacks, and remote code execution. The vulnerability affects all firmware versions 2.7 and earlier, with no firmware patch planned by Schneider Electric.

What this means

What could happen

An attacker who gains access to the device's internal network could read sensitive data, disrupt operations, or execute arbitrary commands on the Easergy T300, potentially affecting power system monitoring and control functions.

Who's at risk

Electric utilities and power distribution operators running Schneider Electric Easergy T300 devices (firmware version 2.7 or earlier) for protection, control, and monitoring of medium-voltage equipment should prioritize remediation, as these devices are often critical to grid stability and switching operations.

How it could be exploited

An attacker on the network (or with network access to the device) can exploit missing or weak access controls to reach the internal LAN. Once inside, they can read configuration data, cause denial of service, or run code on the device to alter settings or disable monitoring.

Prerequisites

Network access to the Easergy T300 device
Access control restrictions missing or misconfigured
No authentication or weak authentication enforced on internal LAN access

remotely exploitableno authentication requiredlow complexityno patch availablecritical severityaffects power system control and monitoring

Exploitability

Low exploit probability (EPSS 1.0%)

Affected products (1)

ProductAffected VersionsFix Status

Easergy T300 with firmware:≤ 2.7No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGSegment the Easergy T300 onto a protected network zone with firewall rules that restrict inbound access to only authorized personnel and systems

HARDENINGImplement strong access control lists (ACLs) on network switches and firewalls to prevent unauthorized devices from reaching the T300

HARDENINGMonitor and audit network traffic to and from the Easergy T300 for suspicious access patterns

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGDisable unnecessary network services and protocols on the T300 if possible

Mitigations - no patch available

0/1

Easergy T300 with firmware: has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGApply defense-in-depth security practices including regular security assessments and penetration testing of the T300 deployment

CVEs (5)

CVE-2020-7561 CVE-2020-28215 CVE-2020-28216 CVE-2020-28217 CVE-2020-28218

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/6b43a753-c6eb-42e4-8e1e-e95b03ccde5d