CISA Flags Critical Credential Exposure Vulnerabilities in Schneider Electric Industrial Devices
CISA has issued an alert for two critical vulnerabilities in Schneider Electric's EasyLogic T150 and Saitel DP RTU devices, which could allow unauthenticated attackers to expose sensitive credentials.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified two significant vulnerabilities affecting Schneider Electric's EasyLogic T150 and Saitel DP Remote Terminal Units (RTUs), devices critical to industrial control systems.
These vulnerabilities, designated CVE-2026-9650 and CVE-2026-9651, could allow unauthenticated attackers to gain unauthorized access to sensitive credentials stored within the devices' firmware or system files. Successful exploitation could lead to further compromise of the industrial control systems if the attacker has physical access to the affected hardware.
CVE-2026-9650, classified as an "Insufficiently Protected Credentials" vulnerability (CWE-522), allows an unauthenticated attacker to access credentials embedded in firmware or system files. This access, particularly when combined with physical access, could enable an attacker to compromise the device.
CVE-2026-9651, categorized under "Incorrect Permission Assignment for Critical Resource" (CWE-732), could lead to the unauthorized disclosure of password hashes. This, in turn, could facilitate account compromise if an attacker with privileged local access manages to read improperly protected system files.
The affected versions include EasyLogic T150 (formerly Saitel DR) RTU controllers running firmware versions up to 11.06.30 for CVE-2026-9650 and up to 11.06.31 for CVE-2026-9651. Similarly, Saitel DP RTU controllers are affected up to firmware version 11.06.35 for CVE-2026-9650 and up to 11.06.37 for CVE-2026-9651.
Schneider Electric has released patched firmware to address these issues. Version 11.06.32 of the EasyLogic T150 firmware and version 11.06.38 of the Saitel DP firmware are available and include fixes for the identified vulnerabilities. Users are advised to contact Schneider Electric's Customer Care Center to obtain and apply these updates, which require a system reboot.
These devices are deployed globally across critical infrastructure sectors, including critical manufacturing and energy. The vulnerabilities carry a CVSS v3.1 base score of 7.5 (High) and a CVSS 4.0 score of 8.7 (High), underscoring the severity of the potential impact.
CISA urges users to review the associated Schneider Electric CPCERT security advisory (SEVD-2026-160-02) for detailed mitigation information and to apply the available firmware updates promptly to protect their operational technology environments.