Summary
Schneider Electric disclosed a critical vulnerability (CVE-2026-0667) in its SCADAPack RTUs and RemoteConnect software that allows unauthenticated attackers to execute arbitrary code via Modbus TCP. The flaw poses a severe risk to critical infrastructure, potentially leading to full system takeover or denial of service.
Take Action:
If you have SCADAPack x70 RTUs (47x, 47xi, or 57x series) or use RemoteConnect software, make sure all devices are isolated from the internet and accessible from trusted networks only. Then immediately update RemoteConnect to R3.4.2 and firmware to 9.12.2 on your 47x/47xi devices. If you can't patch right now, block unauthorized Modbus TCP access using the built-in firewall and disable the logic debug service.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)