CISA Warns of Path Traversal Flaw in Schneider Electric EasyLogic T150 and Saitel DP RTUs
CISA disclosed CVE-2026-6865, a path traversal vulnerability in Schneider Electric's EasyLogic T150 and Saitel DP remote terminal units, affecting critical energy and manufacturing sectors worldwide.
CISA has issued an advisory warning of a path traversal vulnerability, tracked as CVE-2026-6865, in Schneider Electric's EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Terminal Units (RTUs) and controllers. The flaw, rated 7.1 on the CVSS v3.1 scale, stems from improper handling of user-supplied input during server-side file path processing, which could allow an authenticated attacker with low privileges to gain unauthorized access to sensitive files on the device.
The vulnerability affects all firmware versions up to 11.06.31 for the EasyLogic T150 and up to 11.06.36 for the Saitel DP. These devices are widely deployed across the energy and critical manufacturing sectors globally, with Schneider Electric headquartered in France. The CWE-22 classification (Improper Limitation of a Pathname to a Restricted Directory) indicates that the bug enables directory traversal, potentially exposing configuration files, credentials, or other operational data stored on the RTU.
Schneider Electric has released fixed firmware versions — 11.06.32 for the EasyLogic T150 and 11.06.37 for the Saitel DP — available through the company's Customer Care Center. The fixes require a device reboot to apply. For customers who cannot immediately upgrade, CISA recommends implementing strict credential controls, ensuring network isolation, and following the manufacturer's security recommendations to reduce risk.
The advisory, published as ICSA-26-169-04, also references Schneider Electric's own security advisory SEVD-2026-132-03, which provides detailed mitigation guidance. CISA notes that while the vulnerability requires low-privilege access, it can be exploited over the network, making it a realistic vector for attackers who have already gained a foothold in an operational technology (OT) environment.
This disclosure follows a pattern of recent Schneider Electric advisories, including a separate insufficient entropy flaw (CVE-2026-4827) affecting dozens of products across the Easergy, EcoStruxure, PowerLogic, and Saitel lines, and a critical vulnerability in the EcoStruxure Panel Server (CVE-2026-6866). The repeated findings highlight the growing scrutiny on industrial control system (ICS) security as critical infrastructure operators face increasing pressure from both nation-state actors and cybercriminal groups.
Organizations operating these RTUs should prioritize patching and review their network segmentation to ensure that control system devices are not directly exposed to the internet. CISA also recommends using VPNs for remote access, though it cautions that VPNs must be kept up to date to remain effective.