Schneider Electric SCADAPack and RemoteConnect

Plan PatchCVSS 9.8ICS-CERT ICSA-26-076-02Feb 10, 2026

Schneider ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric SCADAPack 47x, 47xi, and 57x Remote Terminal Units contain a vulnerability that allows an attacker with network access to bypass authentication and send unauthorized commands to the RTU without credentials. This could result in denial of service, loss of remote monitoring and control capability, and potential manipulation of controlled systems. RemoteConnect remote management software is also affected. The vulnerability is present in all versions of SCADAPack 57x and versions of 47x/47xi below 9.12.2.

What this means

What could happen

An attacker with network access to an unpatched SCADAPack RTU could execute unauthorized commands on the device, potentially disrupting remote monitoring and control of power distribution or water systems. Loss of RTU connectivity could prevent operators from safely managing critical infrastructure.

Who's at risk

Energy utilities and water authorities that deploy Schneider Electric SCADAPack 47x, 47xi, or 57x RTUs for remote monitoring and control of power distribution, substations, or water treatment systems should prioritize this patch. RemoteConnect software used for remote management of these RTUs is also affected.

How it could be exploited

An attacker on the network sends specially crafted packets to the SCADAPack RTU on its communication port. The vulnerability allows the attacker to bypass authentication checks and send commands to the RTU, potentially executing arbitrary operations on the device without needing valid credentials.

Prerequisites

Network access to SCADAPack RTU on its service port
RTU is not protected by segmentation or firewall rules
Vulnerability affects all firmware versions listed; no authentication bypass required

Remotely exploitableNo authentication requiredLow complexity attackAffects RTU control and monitoring capabilityHigh CVSS 9.8

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

SCADAPack™ 47x< 9.12.29.12.2

SCADAPack™ 47xi< 9.12.29.12.2

SCADAPack™ 57x All VersionsAll versions9.12.2

RemoteConnect< R3.4.2R3.4.2

Remediation & Mitigation

0/8

Do now

0/2

WORKAROUNDImplement RTU firewall service to block unauthorized access to all services

WORKAROUNDDisable the logic debug service on all affected RTUs

Schedule — requires maintenance window

0/4

Patching may require device reboot — plan for process interruption

RemoteConnect

HOTFIXUpdate RemoteConnect to version R3.4.2 or later

All products

HOTFIXUpdate SCADAPack 47x to firmware version 9.12.2 or later

HOTFIXUpdate SCADAPack 47xi to firmware version 9.12.2 or later

HOTFIXUpdate SCADAPack 57x to firmware version 9.12.2 or later

Long-term hardening

0/2

HARDENINGSegment SCADAPack RTUs from corporate network and untrusted networks

HARDENINGIf remote access is required, use a VPN and ensure it is updated to the latest version

CVEs (1)

CVE-2026-0667

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4b8a8a78-8dfc-443f-a1b6-be780f9594f1

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.