Schneider Electric Easergy P5 and P3

Plan PatchCVSS 8.8ICS-CERT ICSA-22-055-03Jan 11, 2022

Schneider ElectricEnergy

Attack path

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric Easergy P3 and P5 relays contain buffer overflow and input validation vulnerabilities that allow an attacker on the local network to disclose device credentials, cause device reboot or denial of service, or execute arbitrary code for full device compromise. The vulnerabilities are in the device protocol implementation and do not require valid credentials or remote network access. No public exploits are known, but these are actively tracked vulnerabilities affecting critical electrical protection equipment.

What this means

What could happen

An attacker on the local network could steal device credentials, crash the relay, or gain full control of it, potentially disabling electrical protection functions and causing loss of power delivery or equipment protection to your grid.

Who's at risk

Electrical utilities and power distribution operators who use Schneider Electric Easergy P5 or P3 protection relays. These relays provide critical protection and control functions in substations and distribution networks.

How it could be exploited

An attacker on the same local network segment as the relay can exploit buffer overflow or input validation flaws in the device protocol to execute arbitrary code. The attacker does not need valid credentials or user interaction. Disabling GOOSE service eliminates some but not all vectors.

Prerequisites

Network access to the local network segment where the relay operates (not remotely exploitable)
No valid credentials required
No user interaction needed

No authentication requiredLow complexity attackAffects critical safety/protection systemsCredentials exposed by vulnerabilityLocal network access sufficient

Exploitability

Some exploitation risk — EPSS score 1.9%

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

Easergy P3 <30.205<30.20530.205

Easergy P5 <=V01.401.102≤ V01.401.102V01.402.101

Easergy P3: All< 30.205v30.205

Easergy P5 All firmware:< 01.401.102v01.402.101

Remediation & Mitigation

0/7

Do now

0/2

WORKAROUNDDisable the GOOSE service on affected devices if not required for operations

HARDENINGIf GOOSE service must remain enabled, restrict it to a secure local area network only; isolate the relay network from the business network using a firewall

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Easergy P5 firmware to v01.402.101

HOTFIXUpgrade Easergy P3 firmware to v30.205

Long-term hardening

0/3

HARDENINGPlace all relays in locked cabinets and ensure they are never left in Program mode

HARDENINGMinimize network exposure of relays; ensure they are not accessible from the Internet or business networks

HARDENINGUse secure remote access methods such as VPNs when remote access to relays is required

CVEs (6)

CVE-2022-34757 CVE-2022-34756 CVE-2022-22722 CVE-2022-22723 CVE-2022-22725 CVE-2022-34758

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/19118620-e1f2-4297-8522-e2ab960d2086

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.