OTPulse
FeedAboutContact

Saitel DR RTU

Monitor6.5SEVD-2022-347-02Dec 13, 2022
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A buffer overflow vulnerability (CWE-787) exists in the Triangle MicroWorks DNP3 Outstation Libraries used by the Saitel DR RTU. A remote attacker can send a malformed DNP3 message to trigger an out-of-bounds write, crashing the DNP3 communication service on the RTU. This results in loss of remote access and monitoring capabilities until manual intervention restores the device. Affected versions are prior to firmware 11.06.15. The vulnerability impacts distribution, transmission, generation, and railway network operations that depend on remote RTU management.

What this means
What could happen
A remote attacker could crash the DNP3 communication protocol on the RTU, causing loss of remote monitoring and control access to critical field devices in the distribution or transmission network until the device is manually rebooted.
Who's at risk
Electric utilities and transportation operators responsible for distribution, transmission, and generation networks using Saitel DR RTU field devices for data acquisition and remote automation should prioritize patching. Railway systems using these RTUs for signaling or communications are also affected.
How it could be exploited
An attacker with network access to the DNP3 port can send a malformed DNP3 message that triggers an out-of-bounds write in the Triangle MicroWorks library, crashing the RTU's DNP3 service and causing denial of service to remote operations.
Prerequisites
  • Network access to the DNP3 port (typically 20000 or 20001) on the affected RTU
  • RTU running firmware version prior to 11.06.15
remotely exploitableno authentication requiredlow complexitycauses denial of service to critical field device communications
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
SAITEL DR RTU<11.06.1411.06.15
Remediation & Mitigation
0/2
Do now
0/1
WORKAROUNDRestrict network access to DNP3 ports on the RTU using firewall rules or network segmentation to allow only authorized control center connections
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Saitel DR RTU firmware to version 11.06.15 or later
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/77384d3c-9bd2-4105-85fd-d63488dbe652