Schneider Electric SCADAPack and RemoteConnect

Act Now9.8ICS-CERT ICSA-26-076-02Mar 17, 2026

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric SCADAPack x70 Remote Terminal Units (RTUs) contain a vulnerability that allows unauthenticated remote access, potentially resulting in unauthorized control of the device, denial of service, and loss of data confidentiality and integrity. Affected products include SCADAPack 47x, 47xi, and 57x units, all versions, as well as RemoteConnect in versions prior to R3.4.2. The vulnerability enables an attacker to gain unauthorized access and run commands on the RTU without authentication, potentially altering process parameters or stopping remote monitoring and control operations.

What this means

What could happen

An attacker with network access to a SCADAPack RTU could run unauthorized commands on the device, potentially altering setpoints, stopping water/power operations, or disabling monitoring and control functions. The attacker could also access sensitive configuration data.

Who's at risk

Water and electric utility operators managing Schneider Electric SCADAPack 47x, 47xi, or 57x remote terminal units used for SCADA communication and control. Any organization relying on RemoteConnect for remote monitoring should also be concerned. These devices are critical to distributed operations across substations, water treatment facilities, and remote monitoring points.

How it could be exploited

An attacker reaches the RTU over the network and exploits the unspecified vulnerability to gain unauthenticated remote code execution. The attacker can then send commands to the RTU that alter its operational state or configuration without the operator's knowledge.

Prerequisites

Network access to the RTU on its communication port
No credentials required

Remotely exploitableNo authentication requiredLow complexityHigh CVSS score (9.8)Affects critical OT control systems

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

SCADAPack™ 47x< 9.12.29.12.2

SCADAPack™ 47xi< 9.12.29.12.2

SCADAPack™ 57x All VersionsAll versions9.12.2

RemoteConnect< R3.4.2R3.4.2

Remediation & Mitigation

0/6

Do now

0/2

WORKAROUNDDisable the logic debug service on all affected RTUs

WORKAROUNDEnable the RTU firewall service and configure network segmentation to block all unauthorized access to RTU services

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

RemoteConnect

HOTFIXApply firmware version 9.12.2 to SCADAPack 47x and 47xi units, and RemoteConnect version R3.4.2

All products

HARDENINGFollow SCADAPack Security Guidelines section 8.3 for secured communication configuration

Long-term hardening

0/2

HARDENINGIsolate RTU and control system networks behind firewalls and away from business networks

HARDENINGEnsure RTUs are not directly accessible from the internet

CVEs (1)

CVE-2026-0667

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4b8a8a78-8dfc-443f-a1b6-be780f9594f1