OTPulse
FeedAboutContact

Harmony Relay NFC

Plan Patch8.8SEVD-2024-044-02Feb 13, 2024
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Schneider Electric has identified an authentication bypass vulnerability in Harmony Timer Relay and Harmony Control Relay products (all versions). These are 8A multifunction 3-phase control and modular timing relays. The vulnerability allows an attacker to bypass authentication and gain unauthorized access to modify device configuration without valid credentials, potentially altering relay behavior or disabling safety functions.

What this means
What could happen
An attacker with network access to the relay could bypass authentication and modify device configuration settings, potentially altering how the relay responds to control signals or disabling safety functions.
Who's at risk
Water authorities and municipal utilities that use Schneider Electric Harmony Timer Relays or Harmony Control Relays in 3-phase electrical distribution, pump control, or safety circuits should assess their exposure. These relays are commonly used for motor control and automated process switching in treatment plants and distribution systems.
How it could be exploited
An attacker on the same network segment as the Harmony Timer or Control Relay could send specially crafted NFC or network commands to bypass authentication checks, gaining direct access to reconfigure the relay without valid credentials.
Prerequisites
  • Network access to the relay (same network segment or adjacent industrial network)
  • No valid credentials required
no authentication requiredlow complexityno patch availableaffects safety systems (potentially)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 EOL
ProductAffected VersionsFix Status
Harmony Timer Relay All versionsAll versionsNo fix (EOL)
Harmony Control Relay All versionsAll versionsNo fix (EOL)
Remediation & Mitigation
0/7
Do now
0/4
HARDENINGPlace all Harmony relays in locked cabinets and ensure they are never left in 'Program' mode
HARDENINGDo not connect programming software to any network other than the isolated control network
HARDENINGProhibit mobile devices that have accessed other networks from connecting to control systems without proper sanitization
HARDENINGEnsure Harmony relays are not exposed to the Internet and minimize network exposure
Mitigations - no patch available
0/3
The following products have reached End of Life with no planned fix: Harmony Timer Relay All versions, Harmony Control Relay All versions. Apply the following compensating controls:
HARDENINGIsolate control relay networks behind firewalls and separate them from the business network
HARDENINGScan all removable media (USB drives, CDs) for malware before connecting to the control network
HARDENINGIf remote access is required, use VPNs and keep VPN software updated to the current version
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/65c6c1d1-f8d8-4a24-8b8e-7a296a3126ac
Harmony Relay NFC | CVSS 8.8 - OTPulse