Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
Monitor6.7ICS-CERT ICSA-25-240-03Aug 12, 2025
Attack VectorLocal
Auth RequiredHigh
ComplexityLow
User InteractionNone needed
Summary
A privilege escalation vulnerability exists in Schneider Electric Saitel DR RTU (firmware versions before 11.06.30) and Saitel DP RTU due to improper file permissions on configuration files used by privileged daemons. An attacker with local console access and elevated credentials could modify these files to execute arbitrary code and escalate privileges further, potentially compromising device operation including denial of service, loss of confidentiality, and loss of integrity.
What this means
What could happen
An attacker with physical or local console access could execute arbitrary code on the RTU and escalate privileges, potentially disrupting critical automation functions in power distribution, transmission, or railway networks.
Who's at risk
Energy and transportation utilities operating Schneider Electric Saitel DR or Saitel DP RTUs should prioritize this issue. These devices are deployed in distribution and transmission network management, generation facilities, and railway automation systems where they control critical infrastructure automation and data acquisition.
How it could be exploited
The vulnerability requires local/physical access to the device (console or direct connection). An attacker with elevated privileges on the RTU could exploit improper permission handling in privileged daemon configuration files to execute arbitrary code and escalate privileges further, compromising the device's operation.
Prerequisites
- Physical or local console access to the RTU
- Elevated/privileged user credentials or access to privileged daemons
- Ability to modify configuration files on the device
Requires local/physical access only (not remotely exploitable)Requires elevated privilegesAffects critical infrastructure devicesSaitel DP RTU has no fix plannedPrivilege escalation possible
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
1 with fix1 EOL
ProductAffected VersionsFix Status
Saitel DR RTU<11.06.2911.06.30
Saitel DP RTU<11.06.34No fix (EOL)
Remediation & Mitigation
0/6
Do now
0/3Saitel DP RTU
WORKAROUNDFor Saitel DP RTU: Limit physical and console access to trusted users only until a vendor patch is available
All products
HARDENINGEnsure configuration files used by privileged daemons are owned by root, not writable by non-privileged users, and set to minimum permissions
HARDENINGEnforce strong password policy and update RTU passwords regularly using EcoStruxure Cybersecurity Admin Expert tool or device webpage
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
Saitel DR RTU
HOTFIXUpdate Saitel DR RTU to firmware version 11.06.30 or later
Long-term hardening
0/1Saitel DP RTU
HOTFIXFor Saitel DP RTU: Consider upgrading to PowerLogic T500 Substation Controller
Mitigations - no patch available
0/1Saitel DP RTU has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGIsolate RTU devices behind firewalls and on separate networks from business IT systems
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/13b92cf5-ef0f-4715-bf3d-f55c175bc87d