Schneider Electric Enerlin’X IFE and eIFE

Monitor | CVSS 6.5 | ICS-CERT ICSA-25-079-02 | Feb 11, 2025
Schneider Electric | Energy
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Denial of service vulnerabilities exist in Schneider Electric Enerlin'X IFE and eIFE interface devices (used to connect Masterpact, PowerPact, and Compact circuit breakers to Ethernet networks). An attacker on the local network segment can send a specially crafted message to crash the firmware, disabling IEC61850 network services and requiring manual device reboot. Affected versions are 004.009.000 and earlier. Fix available in version 004.010.000.

What this means
What could happen
An attacker on the local network can crash the IFE/eIFE interface firmware, causing the circuit breaker management system to lose IEC61850 network services and require a manual reboot, disrupting monitoring and control of Masterpact, PowerPact, or Compact circuit breakers.
Who's at risk
Energy utilities and industrial facilities operating Schneider Electric circuit breaker management systems—specifically those using Masterpact, PowerPact, or Compact circuit breakers connected to the network via Enerlin'X IFE or eIFE interfaces for remote monitoring and Ethernet-based control over IEC61850 protocols.
How it could be exploited
An attacker with network access to the local segment where the IFE/eIFE is connected can send a specially crafted message to trigger a denial of service condition in the device firmware, causing the IEC61850 services to become unavailable. The device must be rebooted manually to restore functionality.
Prerequisites
  • Network access to the local segment where the IFE/eIFE interface is connected (AV:A)
  • No authentication or credentials required (PR:N)
  • remotely exploitable from local network
  • no authentication required
  • low complexity attack
  • affects critical infrastructure (circuit breaker management)
  • causes denial of service of safety management services
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (4)
4 with fix
Product | Affected Versions | Fix Status
Enerlin'X IFE interface (LV434001) All Versions | All versions | 004.010.000
Enerlin'X eIFE (LV851001) All Versions | All versions | 004.010.000
Enerlin'X IFE interface | ≤ 004.009.000 | 004.010.000
Enerlin'X eIFE v004.009.000 and prior | ≤ 004.009.000 | 004.010.000
Remediation & Mitigation
Do now
HARDENING: Implement network segmentation to restrict device access; block all ports used by IFE/eIFE except those required for operation per user guide
HARDENING: Configure Access Control List on the IFE/eIFE following Schneider Electric's Cybersecurity Guide and user guide
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Enerlin'X IFE interface (LV434001) All Versions
HOTFIX: Update Enerlin'X IFE (LV434001) firmware to version 004.010.000 or later using EcoStruxure Power Commission tool
Enerlin'X eIFE (LV851001) All Versions
HOTFIX: Update Enerlin'X eIFE (LV851001) firmware to version 004.010.000 or later using EcoStruxure Power Commission tool
Long-term hardening
HARDENING: Isolate IFE/eIFE from untrusted networks and the public Internet; ensure device is not reachable from business network
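
A firmware triage check to support the update steps above, as an added example that is not part of the advisory or of Schneider Electric's tooling: it flags inventory rows for LV434001 and LV851001 whose firmware is below 004.010.000. The CSV layout, asset names and the `XX000000` reference are constructed for illustration.

```python
import csv
import io
import re

FIXED = (4, 10, 0)  # 004.010.000, the fixed firmware version stated in the advisory
# Commercial references named in the advisory's affected-products table
AFFECTED_REFS = {"LV434001": "Enerlin'X IFE interface", "LV851001": "Enerlin'X eIFE"}

# Constructed sample inventory; column names and asset names are assumptions.
SAMPLE_INVENTORY = """asset,reference,firmware
SWBD-A-IFE1,LV434001,004.009.000
SWBD-A-IFE2,LV434001,v004.010.000
SWBD-B-EIFE1,LV851001,4.7.12
SWBD-B-EIFE2,LV851001,unknown
SWBD-C-GW1,XX000000,001.000.000
"""

def parse_version(text):
    """Return (major, minor, patch) for '004.009.000' or 'v4.9.0' style strings, else None."""
    m = re.fullmatch(r"[vV]?(\d{1,3})\.(\d{1,3})\.(\d{1,3})", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def triage(inventory_csv):
    """Map each asset to 'update', 'fixed', 'verify' or 'not-listed'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["reference"].strip().upper() not in AFFECTED_REFS:
            result[row["asset"]] = "not-listed"
            continue
        version = parse_version(row["firmware"])
        if version is None:
            # Unreadable version on a listed product: check by hand, never assume patched.
            result[row["asset"]] = "verify"
        else:
            # Zero-padded fields compare correctly once converted to integers.
            result[row["asset"]] = "update" if version < FIXED else "fixed"
    return result

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status}")
```

Assets reported as `verify` should have their firmware version read directly from the device before they are counted as remediated.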
API: /api/v1/advisories/e4a8ef50-65cd-407e-b60b-47d0364310ce
