Schneider Electric ASCO 5310/5350 Remote Annunciator

Plan PatchCVSS 8.1ICS-CERT ICSA-25-077-05Feb 11, 2025

Schneider ElectricEnergyManufacturing

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities exist in Schneider Electric ASCO 5310 Single-Channel Remote Annunciator and ASCO 5350 Eight Channel Remote Annunciator products. These vulnerabilities could result in denial of service, loss of availability, or loss of device integrity, preventing remote monitoring of transfer switch status and control of transfer/retransfer operations. The base operation of the transfer switch itself is not impacted by these vulnerabilities.

What this means

What could happen

An attacker with network access and valid credentials could cause the remote annunciator to become unavailable or lose integrity, which would prevent operators from remotely monitoring transfer switch status and performing transfer/retransfer control operations.

Who's at risk

Energy and manufacturing operators who use Schneider Electric ASCO 5310 or 5350 Remote Annunciators for transfer switch monitoring and control should be concerned. These devices are deployed in power distribution and backup power systems to provide status indication and remote control capability.

How it could be exploited

An attacker with network access to the ASCO device and valid login credentials could exploit one or more of the underlying vulnerabilities (insecure code, resource exhaustion, unencrypted communications, or unsecured uploads) to cause a denial of service condition or compromise device integrity.

Prerequisites

Network access to the ASCO 5310 or 5350 device
Valid login credentials for the remote annunciator
Knowledge of the vulnerability details (CWE-494, CWE-770, CWE-319, CWE-434)

no patch availableaffects operational visibility and controlrequires authenticated network accessCVSS 8.1 (high severity)

Exploitability

Unlikely to be exploited — EPSS score 0.7%

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

ASCO 5350 Eight Channel Remote Annunciator All VersionsAll versionsNo fix (EOL)

ASCO 5310 Single-Channel Remote Annunciator All VersionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/6

Do now

0/4

HARDENINGIsolate the ASCO 5310 and 5350 devices behind firewalls and on a separate network segment from business networks and internet connectivity

HARDENINGImplement network access controls to restrict connections to the ASCO devices to authorized engineering and operations staff only

HARDENINGPlace ASCO devices in locked cabinets and set to 'Run' mode (not 'Program' mode) when not actively being configured

WORKAROUNDIf remote access to ASCO devices is required, implement a VPN with current security patches and restrict access to specific authorized users

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGImplement air-gap isolation for the ASCO devices; do not connect programming software or configuration tools to any network other than the isolated control network

WORKAROUNDScan all portable media (USB drives, CDs) for malware before connecting to the network segment containing ASCO devices

CVEs (4)

CVE-2025-1058 CVE-2025-1059 CVE-2025-1060 CVE-2025-1070

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/687d58ba-8711-4076-a9ba-000d88d9c30d

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.