Schneider Electric SCADAPack and RemoteConnect Vulnerability Advisory

Schneider Electric SCADAPack and RemoteConnect Vulnerability Advisory 🚨

Source: CISA
Date Published: March 17, 2026

Schneider Electric is aware of a vulnerability in its SCADAPack x70 RTU products. The SCADAPack 47xi, SCADAPack 47x, and SCADAPack 57x are Remote Terminal Units that provide communication capabilities for remote monitoring and control. Failure to apply the remediations provided below may risk unauthorized access to your RTU, which could result in denial of service and loss of confidentiality and integrity of the controller. These products are used in Critical Infrastructure Sectors: Energy, and are deployed worldwide.

Vulnerability Details

The vulnerability is identified as CVE-2026-0667, a CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability. This vulnerability could cause arbitrary code execution, denial of service, and loss of confidentiality & integrity when communicating over the Modbus TCP protocol. Affected products include Schneider Electric SCADAPack 57x All Versions, and RemoteConnect Versions prior to R3.4.2.

Remediation

To address this, Version R3.4.2 (Firmware version 9.12.2) of SCADAPack 47x and SCADAPack 47xi includes a fix for this vulnerability and is available for download here. Version R3.4.2 of RemoteConnect also includes a fix for this vulnerability and is available for download here. If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:

• Follow the information according to SCADAPack Security Guidelines in section 8.3 Secured Communication.
• Apply the following standard practices to reduce the risk of exploit: Setup network segmentation and implement the RTU firewall service to block all unauthorized access to services. Disable the logic debug service.

Recommendations

Schneider Electric CPCERT reported this vulnerability to CISA. The initial release date for this advisory was February 10, 2026. CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities. These measures include minimizing network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Additionally, CISA advises locating control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available.

For more information, you can read the complete article here.