Schneider Electric Zigbee Products

MonitorCVSS 6.5ICS-CERT ICSA-26-027-03Jan 13, 2026

Schneider ElectricEnergyOil & gas

Attack path

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric Zigbee-based connected devices contain denial of service vulnerabilities in the underlying Silicon Labs EmberZNet Zigbee stack. Affected products include Wiser connected thermostats (iTRV, RTR, UFH), heating switches, boiler relays, micromodules, dimmers, switches, shutter controllers, smart socket outlets, and EV charging interface modules. All versions are vulnerable. The vulnerability allows an attacker within wireless range to send crafted Zigbee packets causing devices to become unresponsive and unavailable until manual restart. No vendor patch is available for any affected product.

What this means

What could happen

Denial of service on Schneider Electric Zigbee-based connected devices could disrupt automated control of lighting, heating, HVAC, and electrical distribution systems. Affected devices may become unresponsive and require manual reset, leaving facilities unable to control power distribution, climate, or loads until service is restored.

Who's at risk

Energy and oil/gas operators using Schneider Electric Wiser connected thermostats (iTRV, RTR, UFH), heating switches, boiler relays, micromodules, dimmer and switch controllers, socket outlets, and EV charging interface modules. Any facility automating lighting, HVAC, or electrical load control with these Zigbee products should treat this as a facility-wide availability risk.

How it could be exploited

An attacker within wireless range or on the same Zigbee network can send specially crafted packets to trigger a denial of service condition in the EmberZNet stack without authentication. The attacker needs local RF proximity or access to the Zigbee mesh network; no credentials are required. Affected devices will stop responding to commands, disabling automated control until manually rebooted.

Prerequisites

Proximity to Zigbee RF network (local wireless range)
Access to the Zigbee mesh network
No authentication required
Ability to craft Zigbee protocol messages

No patch availableDenial of service affects critical automationLow complexity exploitation (wireless proximity only)Affects building automation and power distributionAll versions vulnerableNo authentication required

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (34)

34 pending

ProductAffected VersionsFix Status

Iconic, Connected Smart Socket All VersionsAll versionsNo fix yet

Wiser Connected Application Module 1-Gang All VersionsAll versionsNo fix yet

Wiser Connected Application Module 2-Gang All VersionsAll versionsNo fix yet

Wiser Connected Push Button Dimmer All VersionsAll versionsNo fix yet

Wiser Connected Push Button Switch All VersionsAll versionsNo fix yet

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDDisable Zigbee devices that are not actively required for operations; power off or remove from network.

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGImplement RF shielding or physical separation to limit Zigbee mesh network range and prevent external wireless access.

HARDENINGMonitor Zigbee network for unresponsive devices and establish procedures for rapid device restart and network recovery.

Long-term hardening

0/2

HARDENINGIsolate all Zigbee-connected control and safety system networks from the business network with firewalls.

HARDENINGPlace all Zigbee control devices in physically locked enclosures to prevent unauthorized access and tamper.

CVEs (5)

CVE-2024-6350 CVE-2024-6351 CVE-2024-6352 CVE-2024-10106 CVE-2024-7322

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/6d8e2eec-7e35-47b9-96f5-71d5188fd345

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.