Schneider Electric Trio Q Licensed Data Radio

Monitor6.8ICS-CERT ICSA-25-107-01Apr 8, 2025

Attack VectorPhysical

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric Trio Q Licensed Data Radio contains vulnerabilities in versions prior to 2.7.2 related to CWE-922 (Insecure Direct Object References) and CWE-1188 (Initialization with Hard-Coded Network Resource Configuration Data). These vulnerabilities could result in unauthorized access, loss of confidentiality, integrity, and availability. The advisory notes these vulnerabilities are not remotely exploitable.

What this means

What could happen

An attacker with physical access to a Trio Q radio unit could potentially extract sensitive information or gain unauthorized control of the device, which could compromise confidentiality, integrity, and availability of SCADA telemetry and remote communications in energy systems.

Who's at risk

Energy sector organizations operating Point-to-Point or Multipoint telemetry systems and remote SCADA systems using Schneider Electric Trio Q Licensed Data Radios should prioritize this vulnerability, especially if devices are deployed in locations where unauthorized personnel may gain physical access.

How it could be exploited

An attacker must have physical access to the Trio Q Licensed Data Radio unit. Through physical access, the attacker could exploit the identified vulnerabilities to disclose information or gain unauthorized access to the device, potentially affecting the telemetry or SCADA communications it facilitates.

Prerequisites

Physical access to the Trio Q Licensed Data Radio unit
Device running firmware version prior to 2.7.2

Physical access required for exploitationAffects SCADA/telemetry communicationsNo authentication required for exploitation once physical access obtainedMedium severity with potential for high confidentiality/integrity/availability impact

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

Trio™ Q Licensed Data Radio<2.7.22.7.2

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGVerify firmware integrity using hash values published in the release notes before and after firmware updates

HARDENINGInstall Trio Q Data Radios in physically secure locations with restricted access and ensure only authorized personnel can reach the devices

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Trio Q Licensed Data Radio firmware to version 2.7.2 or later following Section 10 Part J of the Trio Q Series Data Radio User Manual

Long-term hardening

0/1

HARDENINGImplement secure decommissioning procedures for Trio Q Data Radios to prevent device recovery and information disclosure

CVEs (3)

CVE-2025-2440 CVE-2025-2441 CVE-2025-2442

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/9a418ef8-c823-4257-93ec-a4159259a022