Insight Home and Insight Facility

Severity: Low Risk | Advisory ID: SEVD-2025-161-01 | Published: Jun 10, 2025
Vendor: Schneider Electric | Sector: Energy
Summary

Schneider Electric has identified a vulnerability in a third-party Real-Time Operating System (RTOS) component used in the Insight Home and Insight Facility smart edge devices. These devices are designed to operate within a secure local network environment. Failure to apply mitigations may result in improper device operation and data loss. The vulnerability is in components used by these edge devices, which are intended to be connected to a home router in a local network, not exposed directly to the internet.

What this means
What could happen
An attacker with network access to an exposed Insight Home or Facility device could cause it to malfunction or lose data, disrupting energy monitoring and management operations for residential or small commercial customers.
Who's at risk
Residential and small commercial energy management customers using Schneider Electric Insight Home or Insight Facility smart edge devices for power monitoring and energy management. Any user with these devices connected to their home or office network is potentially affected if the devices are not properly secured.
How it could be exploited
An attacker must first be able to reach the Insight device over the network. That is possible if the device has been given a public IP address, has been exposed through router port forwarding, or sits on an unsecured network. From that position the attacker could trigger the RTOS vulnerability and cause the device to malfunction or lose data; the advisory describes no further impact.
Prerequisites
  • Network access to the Insight device, either from the same local network or, if the device has been given a public IP address or exposed through port forwarding, from the internet
  • The device exposed to the internet or connected to an unsecured network (a device kept behind a home router firewall on a secured LAN is not reachable by an outside attacker)
Tags:
  • no patch available
  • vulnerable RTOS component in third-party software
  • device designed for local network but vulnerability exists if exposed
Affected products (2), both end of life (EOL)

Product          | Affected Versions | Fix Status
Insight Home     | All versions      | No fix (EOL)
Insight Facility | All versions      | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Change the default Admin password immediately upon first receipt and after any factory reset, using a password with at least 20 characters including uppercase, lowercase, numbers, and special characters
HARDENING: Configure your home router with strong security settings, including firewall enabled, and keep the router firmware regularly patched
HARDENING: Ensure the Insight device only uses private (RFC 1918) IP addresses (10.x.x.x, 172.16.x.x–172.31.x.x, or 192.168.x.x) and is never assigned a public IP address
HARDENING: Do not enable port forwarding or expose the device to the public internet; keep it behind your home router firewall only
Schedule — requires maintenance window

No firmware fix is available (both products are EOL), but the network and Wi-Fi changes below may still require a router or device reboot, so plan for a short interruption to monitoring

HARDENING: Place the Insight device on a separate network segment, such as a dedicated guest network or VLAN if your router supports it
HARDENING: Configure Wi-Fi encryption to the strongest available setting (WPA3, or WPA2/3 with protected management frames)
WORKAROUND: Schedule regular reboots of your router, smartphones, and computers to reduce exposure to potential exploits
HARDENING: Restrict physical access to the device by securing USB and LAN ports to prevent unauthorized individuals from tampering with the device
