Trio™ Licensed and License-free Data Radios
Plan Patch · 8.2 · SEVD-2023-346-01 · Dec 12, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Schneider Electric Trio Licensed and License-Free Data Radio products contain open redirect (CWE-601) and untrusted code download (CWE-494) vulnerabilities. These radios provide long-range wireless data communications for SCADA and remote telemetry applications. An attacker could exploit these vulnerabilities through malicious URLs or redirects to disclose information or install malicious firmware on affected radios.
What this means
What could happen
An attacker could trick a user into clicking a malicious link or redirect that causes the radio to expose sensitive data or install unauthorized firmware, potentially allowing remote control of SCADA communications and telemetry data.
Who's at risk
Energy utilities, water authorities, and other critical infrastructure operators using Schneider Electric Trio Licensed or License-Free Data Radios for SCADA and remote telemetry applications. Specifically, this affects long-range wireless data communication systems that may control or monitor power distribution, water systems, or other remote equipment.
How it could be exploited
An attacker crafts a malicious URL or redirect (CWE-601 open redirect / CWE-494 download of untrusted code) and delivers it to a user managing the radio via email or social engineering. When the user clicks the link while authenticated to the radio's management interface, the browser redirects to an attacker-controlled site that serves malicious firmware or captures session data. The radio then executes the attacker's code or the attacker gains access to SCADA/telemetry communications.
Prerequisites
- User with administrative access to the radio management interface
- User must click a malicious link while authenticated to the radio
- Network access to the radio's web management port (typically 80/443)
remotely exploitable · user interaction required (user must click link) · affects SCADA communications · no fix available for E-Series all versions
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (5)
3 with fix · 1 pending · 1 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Trio Q-Series prior to V2.7.0 | <2.7.0 | No fix yet |
| Trio J-Series Ethernet Data Radio | <3.8.3 | 3.8.3 |
| Trio Q-Series Ethernet Data Radio All Versions | All versions | 2.7.0 |
| Trio J-Series Ethernet Data Radio All Versions | All versions | 3.8.3 |
| Trio E-Series Ethernet Data Radio All Versions | All versions | No fix (EOL) |

Remediation & Mitigation
Do now
HARDENING: For Trio E-Series and legacy Trio Q-Series (if versions cannot be upgraded), restrict administrative access to the radio management interface to a dedicated engineering network segment
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Trio J-Series Ethernet Data Radio
HOTFIX: Upgrade Trio J-Series Ethernet Data Radio firmware to version 3.8.3 or later
All products
HOTFIX: Upgrade Trio Q-Series Data Radio firmware to version 2.7.0 or later
Mitigations - no patch available
Trio E-Series Ethernet Data Radio All Versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate radio management traffic from general IT networks and untrusted users
HARDENING: Train engineers and operators to avoid clicking unfamiliar links when managing radio devices, especially in external communications
CVEs (2)