OTPulse

Easergy T200

Plan PatchCVSS 9.1SEVD-2021-194-05Jul 13, 2021
Schneider ElectricEnergy
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Easergy T200 RTU contains an authentication bypass vulnerability in control command processing. The vulnerability affects the Modbus TCP, IEC104, and DNP3 protocol interfaces used for electrical distribution network management. An attacker can send control commands to the RTU without proper authentication, potentially altering voltage settings, switching configurations, or other distribution parameters. The vulnerability requires no special privileges or user interaction and is remotely accessible over the network.

What this means
What could happen
An attacker could bypass authentication and send control commands to the Easergy T200 RTU, potentially altering voltage settings, switching configurations, or other electrical distribution controls without proper authorization.
Who's at risk
Electric utilities and municipal distribution authorities operating Easergy T200 RTUs for medium or low voltage network management should prioritize this vulnerability. Any organization using these devices for substation automation, voltage control, or feeder switching operations is affected.
How it could be exploited
An attacker with network access to the RTU's Modbus, IEC104, or DNP3 ports can send specially crafted control commands that bypass the authentication check. The RTU will execute these commands without verifying the attacker's identity, allowing manipulation of electrical distribution parameters.
Prerequisites
  • Network access to the RTU on the affected protocol port (Modbus TCP port 502, IEC104 port 2404, or DNP3 port 20000)
  • No credentials required
Remotely exploitableNo authentication requiredLow complexity attackAffects critical infrastructure controlHigh CVSS score (9.1)
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (3)
3 with fix
ProductAffected VersionsFix Status
Easergy T200 (Modbus) SC2-04MOD-07000100 and earlier≤ SC2-04MOD-07000100SC2-04MOD-07000103
Easergy T200 (IEC104) SC2-04IEC-07000100 and earlier≤ SC2-04IEC-07000100SC2-04IEC-07000103
Easergy T200 (DNP3) SC2-04DNP-07000102 and earlier≤ SC2-04DNP-07000102SC2-04DNP-07000103
Remediation & Mitigation
0/5
Do now
0/2
Easergy T200 (Modbus) SC2-04MOD-07000100 and earlier
HARDENINGImplement network-level access controls to restrict which systems can reach the RTU's control ports (Modbus TCP 502, IEC104 2404, DNP3 20000) from untrusted networks
All products
HARDENINGMonitor RTU logs for unexpected control commands or authentication failures on the affected protocols
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

Easergy T200 (Modbus) SC2-04MOD-07000100 and earlier
HOTFIXUpgrade Easergy T200 Modbus variant to firmware version SC2-04MOD-07000103 or later
Easergy T200 (IEC104) SC2-04IEC-07000100 and earlier
HOTFIXUpgrade Easergy T200 IEC104 variant to firmware version SC2-04IEC-07000103 or later
Easergy T200 (DNP3) SC2-04DNP-07000102 and earlier
HOTFIXUpgrade Easergy T200 DNP3 variant to firmware version SC2-04DNP-07000103 or later
View full Schneider Electric advisory
API: /api/v1/advisories/e2de9cd9-5e8e-49d7-ae25-1f639ba6116d

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.