Schneider Electric EasyLogic T150 and Saitel DP

Plan PatchCVSS 7.1ICS-CERT ICSA-26-169-04May 12, 2026

Schneider ElectricEnergyTransportation

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric has identified a path traversal vulnerability in EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller versions ≤11.06.31 and Saitel DP Remote Terminal Unit & Controller versions ≤11.06.36. An authenticated user could bypass file access controls and read unauthorized files on the device, potentially exposing configuration data, credentials, or operational information. The vulnerability requires valid user credentials and network access to the RTU's management interface. Vendor fixes are available: EasyLogic T150 version 11.06.32 and Saitel DP version 11.06.37. If patching cannot be immediately applied, implement strict credential controls and ensure network isolation per product security guidelines.

What this means

What could happen

An authenticated user could exploit a path traversal flaw to read sensitive files on the RTU, potentially exposing configuration data, credentials, or operational information. This could lead to further compromise of the substation or distribution network.

Who's at risk

Energy utilities and transportation operators who use Schneider Electric EasyLogic T150 (formerly Saitel DR) or Saitel DP Remote Terminal Units for distribution, transmission, or substation control. These devices are critical infrastructure components that aggregate field data and control medium/high voltage equipment.

How it could be exploited

An attacker with valid user credentials (engineering workstation or operator account) could craft file path requests to the RTU's file access interface, using directory traversal sequences (e.g., "../") to bypass access controls and read files outside their intended directory, including system configuration or sensitive data.

Prerequisites

Valid user account credentials on the RTU (engineering, operator, or other authenticated role)
Network access to the RTU management/configuration interface
Knowledge of file paths on the device to target sensitive data

Remotely exploitable from management networkAuthentication required but often shared among multiple operatorsAffects critical infrastructure (substation/distribution control)No exploit in active public use (low EPSS score)

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller≤ 11.06.3111.06.32

Saitel DP Remote Terminal Unit & Controller≤ 11.06.3611.06.37

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGRestrict user account privileges to the minimum necessary for operational duties; audit and remove unnecessary user accounts

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EasyLogic T150 (Saitel DR) to firmware version 11.06.32 or later

HOTFIXUpdate Saitel DP to firmware version 11.06.37 or later

Long-term hardening

0/1

HARDENINGEnsure network isolation of RTUs per Schneider Electric security recommendations; restrict management access to engineering workstations only, not shared IT networks

CVEs (1)

CVE-2026-6865

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/74df9f7a-96ab-4d87-85ea-7eadd97c9372

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.