Schneider Electric Easergy, EcoStruxure, PowerLogic, and Saitel Products
Plan Patch | CVSS 8.3 | ICS-CERT ICSA-26-169-07 | May 12, 2026
Schneider Electric | Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Schneider Electric Easergy MiCOM protection relays, PowerLogic control platforms, EcoStruxure Power Automation systems, Saitel devices, and related products contain improper input validation vulnerabilities. These vulnerabilities could allow an attacker to disrupt power system operations or access sensitive configuration data without authentication. The vulnerabilities affect multiple product lines used in electrical substations and control systems across energy sector infrastructure.
What this means
What could happen
An attacker could send specially crafted input to these protection relays and control devices, potentially disrupting power distribution operations or accessing sensitive system data without proper authentication.
Who's at risk
Protection relay engineers, power distribution operators, and electrical utilities operating Schneider Electric's Easergy MiCOM series relays, PowerLogic protection and control platforms, EcoStruxure Power Automation and Operations systems, and Saitel/EasyLogic devices. These are critical devices used in substations and distribution networks to monitor and protect power systems.
How it could be exploited
An attacker with network access to the affected devices could send malformed input that bypasses validation checks. This could allow command execution or unauthorized access to the relay's configuration and operational data. The attack requires user interaction or network adjacency but does not require authentication.
Prerequisites
- Network access to the affected Easergy MiCOM, PowerLogic, Saitel, or EcoStruxure device
- Ability to send network traffic to the device management or protocol interface
- For some vectors, user interaction may be required to trigger the vulnerability
Remotely exploitable | Low complexity attack | No authentication required for some vectors | High CVSS score (8.3) | Affects critical power protection infrastructure | Multiple product families affected
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (30)
22 with fix, 8 pending
Product | Affected Versions | Fix Status
Easergy MiCOM C264 | ≤ D7.33 | D7.34
Easergy MiCOM P139 | ≤ P139.678.700 | Fix available
Easergy MiCOM P437 | ≤ P437.678.700 | No fix yet
Easergy MiCOM P439 | ≤ P439.678.700 | P439.678.700
Easergy MiCOM P532 | ≤ P532.678.700 | No fix yet
Remediation & Mitigation
Do now
Easergy MiCOM P437
WORKAROUND: For Easergy MiCOM P437, P532, P631, P436, P438, P638, and P634 (P634.680.700) where patches are not available, restrict network access to these devices using firewall rules to limit exposure.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Easergy MiCOM C264
HOTFIX: Update Easergy MiCOM C264 to version D7.34 or later. Reboot required.
Easergy MiCOM P139
HOTFIX: Update Easergy MiCOM P139 to version P139.678.700 or later.
Easergy MiCOM P439
HOTFIX: Update Easergy MiCOM P439 to version P439.678.700 or later.
Easergy MiCOM P539
HOTFIX: Update Easergy MiCOM P539 to version P539.678.700 or later.
Easergy MiCOM P632
HOTFIX: Update Easergy MiCOM P632 to version P632.678.700 or later.
Easergy MiCOM P633
HOTFIX: Update Easergy MiCOM P633 and P634 to latest available versions. Reboot required.
Easergy MiCOM P138
HOTFIX: Update Easergy MiCOM P138 to version P138.677.701 or later.
Easergy MiCOM C434
HOTFIX: Update Easergy MiCOM C434 to version C434.679.700 or later.
PowerLogic T300
HOTFIX: Update PowerLogic T300 to version 2.9.5 or later.
PowerLogic T500
HOTFIX: Update PowerLogic T500 to version 11.08.03 or later.
Saitel DP
HOTFIX: Update Saitel DP to version 11.06.37 or later.
EasyLogic T150 (formerly Saitel DR)
HOTFIX: Update EasyLogic T150 (formerly Saitel DR) to version 11.06.31 or later.
Easergy C5
HOTFIX: Update Easergy C5 to version 1.1.18 or later. Reboot required.
iPMFLS
HOTFIX: Update iPMFLS to version 64.2025.0.14 or later.
All products
HOTFIX: Update EcoStruxure Power Automation System Gateway to version 6.4.610.500.101 or later.
HOTFIX: Update EcoStruxure Power Automation System UI to latest available version.
HOTFIX: Update EcoStruxure Power Operation to latest available version (2024 CU3 or later).
HOTFIX: Update PowerLogic P5 Protection Relay to version 02.503.101 or later.
HOTFIX: Update PowerLogic P7 Protection and Control Platform to version 02.003.001 or later.
Long-term hardening
HARDENING: For Easergy MiCOM P40 Series with Protocol Options G, H, or L where no patch is available, restrict management access to authorized engineering workstations only via network segmentation.
CVEs (1)