Schneider Electric ASCO 5310/5350 Remote Annunciator

Plan Patch8.1ICS-CERT ICSA-25-077-05Feb 11, 2025

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric ASCO 5310 Single-Channel and 5350 Eight-Channel Remote Annunciators contain multiple vulnerabilities stemming from insecure file upload (CWE-434), resource exhaustion (CWE-770), unencrypted communications (CWE-319), and untrusted code execution (CWE-494). These stand-alone devices provide transfer switch status monitoring and control in automatic transfer switch (ATS) installations. Successful exploitation could result in denial of service, loss of availability, or device integrity corruption, preventing operators from using the annunciator to monitor transfer switch status or execute transfer/retransfer operations. The underlying transfer switch itself is not affected. No vendor fix is available; mitigation relies on network segmentation, access controls, and secure operational practices.

What this means

What could happen

An attacker with credentials and network access could cause the Remote Annunciator to become unavailable or corrupt its operating integrity, preventing operators from monitoring transfer switch status or controlling switchover operations—though the transfer switch itself would continue to function.

Who's at risk

Water utilities and electric cooperatives that use Schneider Electric ASCO 5310 and 5350 Remote Annunciators for monitoring and controlling automatic transfer switches (ATS) in backup power systems. These devices are critical for managing switchover between utility and generator power in substations and critical facilities.

How it could be exploited

An attacker with valid login credentials and network reachability to the ASCO device could send specially crafted requests to trigger resource exhaustion or upload malicious firmware/configuration, causing the device to become unresponsive or malfunction. This requires initial compromise of credentials or access from within the network.

Prerequisites

Network access to the ASCO 5310 or 5350 device
Valid login credentials (username and password)
Knowledge of device management interface or API endpoints

requires valid credentials for exploitationlow network complexityno patch availableaffects operational visibility (loss of monitoring capability)

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

ASCO 5350 Eight Channel Remote Annunciator All VersionsAll versionsNo fix (EOL)

ASCO 5310 Single-Channel Remote Annunciator All VersionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/7

Do now

0/4

HARDENINGImplement physical access controls: keep devices in locked cabinets and never leave in Program mode

HARDENINGDo not connect programming or management software to networks other than the isolated control network

WORKAROUNDScan all removable media (USB drives, CDs) for malware before connecting to the control network

HARDENINGProhibit mobile devices that have connected to external networks from accessing the control network without sanitization

Mitigations - no patch available

0/3

The following products have reached End of Life with no planned fix: ASCO 5350 Eight Channel Remote Annunciator All Versions, ASCO 5310 Single-Channel Remote Annunciator All Versions. Apply the following compensating controls:

HARDENINGPlace ASCO annunciator devices behind a firewall and isolate the control network from the business network

HARDENINGEnsure ASCO devices are not accessible from the Internet; minimize network exposure

HARDENINGIf remote access is required, use VPN with the most current version available; maintain VPN patches

CVEs (4)

CVE-2025-1058 CVE-2025-1059 CVE-2025-1060 CVE-2025-1070

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/687d58ba-8711-4076-a9ba-000d88d9c30d