Easergy T200
Act Now | 9.1 | SEVD-2021-194-05 | Jul 13, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Easergy T200 RTU contains an authentication bypass vulnerability in control command processing. The vulnerability affects the Modbus TCP, IEC104, and DNP3 protocol interfaces used for electrical distribution network management. An attacker can send control commands to the RTU without proper authentication, potentially altering voltage settings, switching configurations, or other distribution parameters. The vulnerability requires no special privileges or user interaction and is remotely accessible over the network.
What this means
What could happen
An attacker could bypass authentication and send control commands to the Easergy T200 RTU, potentially altering voltage settings, switching configurations, or other electrical distribution controls without proper authorization.
Who's at risk
Electric utilities and municipal distribution authorities operating Easergy T200 RTUs for medium or low voltage network management should prioritize this vulnerability. Any organization using these devices for substation automation, voltage control, or feeder switching operations is affected.
How it could be exploited
An attacker with network access to the RTU's Modbus, IEC104, or DNP3 ports can send specially crafted control commands that bypass the authentication check. The RTU will execute these commands without verifying the attacker's identity, allowing manipulation of electrical distribution parameters.
Prerequisites
- Network access to the RTU on the affected protocol port (Modbus TCP port 502, IEC104 port 2404, or DNP3 port 20000)
- No credentials required
- Remotely exploitable
- No authentication required
- Low complexity attack
- Affects critical infrastructure control
- High CVSS score (9.1)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
Easergy T200 (Modbus) SC2-04MOD-07000100 and earlier | ≤ SC2-04MOD-07000100 | SC2-04MOD-07000103
Easergy T200 (IEC104) SC2-04IEC-07000100 and earlier | ≤ SC2-04IEC-07000100 | SC2-04IEC-07000103
Easergy T200 (DNP3) SC2-04DNP-07000102 and earlier | ≤ SC2-04DNP-07000102 | SC2-04DNP-07000103
Remediation & Mitigation
Do now
Easergy T200 (Modbus) SC2-04MOD-07000100 and earlier
HARDENING: Implement network-level access controls to restrict which systems can reach the RTU's control ports (Modbus TCP 502, IEC104 2404, DNP3 20000) from untrusted networks
All products
HARDENING: Monitor RTU logs for unexpected control commands or authentication failures on the affected protocols
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Easergy T200 (Modbus) SC2-04MOD-07000100 and earlier
HOTFIX: Upgrade Easergy T200 Modbus variant to firmware version SC2-04MOD-07000103 or later
Easergy T200 (IEC104) SC2-04IEC-07000100 and earlier
HOTFIX: Upgrade Easergy T200 IEC104 variant to firmware version SC2-04IEC-07000103 or later
Easergy T200 (DNP3) SC2-04DNP-07000102 and earlier
HOTFIX: Upgrade Easergy T200 DNP3 variant to firmware version SC2-04DNP-07000103 or later
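Added example, not part of the advisory or any vendor tooling: a firmware triage that applies the affected and fixed versions listed above to an asset inventory. It assumes firmware IDs follow the SC2-04<variant>-<8 digits> pattern shown on this page and that the 8-digit field orders builds numerically; the asset names and inventory are constructed.

```python
import re

# Affected ceiling and fixed build per protocol variant, copied from the advisory table.
ADVISORY = {
    "MOD": (7000100, 7000103),   # Modbus
    "IEC": (7000100, 7000103),   # IEC104
    "DNP": (7000102, 7000103),   # DNP3
}
# Assumption: IDs look like SC2-04<VARIANT>-<8 digits> and the digit field
# orders builds numerically.
FW_RE = re.compile(r"^SC2-04(MOD|IEC|DNP)-(\d{8})$")

def classify(firmware_id):
    """Return 'affected', 'fixed', 'unlisted' or 'unparsed' for one firmware ID."""
    m = FW_RE.match(firmware_id.strip().upper())
    if not m:
        return "unparsed"            # never guess: send to manual review
    variant, build = m.group(1), int(m.group(2))
    affected_max, fixed_min = ADVISORY[variant]
    if build <= affected_max:
        return "affected"
    if build >= fixed_min:
        return "fixed"
    # Builds between the affected ceiling and the fixed build are not covered
    # by the advisory; they need confirmation rather than a pass.
    return "unlisted"

def triage(inventory):
    """Classify (asset, firmware_id) pairs and sort them worst first."""
    order = {"affected": 0, "unlisted": 1, "unparsed": 2, "fixed": 3}
    rows = [(asset, fw, classify(fw)) for asset, fw in inventory]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

# Constructed sample inventory (asset names are hypothetical).
SAMPLE = [
    ("rtu-north-01", "SC2-04MOD-07000100"),
    ("rtu-north-02", "SC2-04MOD-07000103"),
    ("rtu-east-07", "SC2-04IEC-07000102"),
    ("rtu-east-09", "SC2-04DNP-07000102"),
    ("rtu-west-03", "sc2-04dnp-07000103 "),
    ("rtu-west-04", "T200-unknown"),
]

if __name__ == "__main__":
    for asset, fw, status in triage(SAMPLE):
        print(f"{status:9} {asset:13} {fw.strip()}")
```

Devices reported as affected, unlisted or unparsed are the ones to put behind the network access controls first while the upgrade is scheduled.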
CVEs (1)
API: /api/v1/advisories/e2de9cd9-5e8e-49d7-ae25-1f639ba6116d