Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit

MonitorCVSS 6.7ICS-CERT ICSA-25-240-03Aug 12, 2025

Schneider ElectricEnergyTransportation

Attack path

Attack VectorLocal

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric Saitel DR and Saitel DP RTUs contain a privilege escalation vulnerability (CWE-269) related to insecure configuration file permissions and daemon access control. The vulnerability allows local/console attackers to execute arbitrary code and escalate privileges, potentially resulting in denial of service, loss of confidentiality, and integrity compromise of the device. The Saitel DR RTU is vulnerable in versions before 11.06.30. The Saitel DP RTU versions before 11.06.34 are affected, and no fix is currently planned. Successful exploitation requires physical or console access to the device; remote exploitation is not possible.

What this means

What could happen

An attacker with local console access or physical access to a Saitel DR or DP RTU could execute arbitrary code and escalate privileges, potentially disrupting critical power distribution or railroad operations by altering automation logic or stopping communications.

Who's at risk

Power utilities and transportation operators deploying Schneider Electric Saitel DR and Saitel DP RTUs for distribution automation, substation control, and railway operations. The Saitel DR is used in distribution/transmission networks and railways; Saitel DP serves medium and low voltage distribution and transmission management.

How it could be exploited

An attacker gains local console or physical access to the RTU. They exploit a privilege escalation flaw (CWE-269) in file permissions or daemon configuration to execute arbitrary code with elevated privileges on the device. This allows them to modify control logic, disable communications, or cause denial of service.

Prerequisites

Physical or console access to the RTU
Ability to interact with privileged daemons or configuration files on the device

Privilege escalation vulnerabilityLocal/console access requiredAffects critical infrastructure (energy and transportation)Saitel DP has no patch planned

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (3)

2 with fix1 EOL

ProductAffected VersionsFix Status

Saitel DR RTU<11.06.2911.06.30

Saitel DP RTU<11.06.34No fix (EOL)

Saitel DR RTU 11.06.3011.06.30HUe Firmware

Remediation & Mitigation

0/6

Do now

0/2

Saitel DP RTU

WORKAROUNDFor Saitel DP RTU, enforce password policy using EcoStruxure Cybersecurity Admin Expert tool, requiring strong passwords and regular updates

All products

WORKAROUNDLimit physical and console access to the RTU to trusted users only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

Saitel DR RTU

HOTFIXUpdate Saitel DR RTU to HUe Firmware version 11.06.30 or later

All products

HARDENINGEnsure configuration files are owned by root, not writable by non-privileged users, and set to minimum necessary permissions

Mitigations - no patch available

0/2

Saitel DP RTU has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGPlace RTUs behind firewalls and isolate them from business networks; ensure they are not accessible from the internet

HARDENINGFor Saitel DP RTU without an available patch, consider upgrading to PowerLogic T500 Substation Controller

CVEs (1)

CVE-2025-8453

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/13b92cf5-ef0f-4715-bf3d-f55c175bc87d

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.