OTPulse
FeedAboutContact

Easergy P3

Plan Patch8.8SEVD-2022-011-04Jan 11, 2022
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Buffer overflow vulnerability in Schneider Electric Easergy P3 medium voltage protection relay. Failure to patch could allow an attacker with network access to cause device reboot, loss of communications, or full device compromise, resulting in loss of electrical network protection and potential cascading outages.

What this means
What could happen
An attacker with network access to the Easergy P3 relay could exploit a buffer overflow to cause the device to reboot, lose communications, or grant full control of the relay, removing electrical network protection and risking outages or equipment damage.
Who's at risk
Electrical utilities and substations operating Schneider Electric Easergy P3 medium voltage protection relays. This equipment is critical for detecting faults and isolating damaged sections of the electrical network. Any loss of protection puts the wider grid at risk.
How it could be exploited
An attacker on the same network segment sends a specially crafted message that overflows the relay's input buffer. This could crash the relay, cause it to lose network connectivity, or allow the attacker to execute arbitrary code and take full control of the relay's protection logic and settings.
Prerequisites
  • Network access to the Easergy P3 relay on the same network segment or via industrial network (typically Ethernet)
  • No authentication required to send the malicious message
remotely exploitableno authentication requiredlow complexityaffects safety systemshigh impact (full device control)loss of protection relay function
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
Easergy P3 <30.205<30.20530.205
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Easergy P3 firmware to version 30.205 or later
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/94e29d87-0d86-4403-ba9c-7b2374229b46
Easergy P3 | CVSS 8.8 - OTPulse