
Critical Vulnerabilities in Schneider Electric Products Expose Industrial Systems to Risk

Source: INCIBE-CERT

Schneider Electric patches multiple high-severity flaws in EcoStruxure and other products, urging immediate updates to prevent exploitation.

Schneider Electric Addresses Multiple Critical Vulnerabilities in Industrial Products

Madrid, Spain – February 11, 2026 – Schneider Electric has released security updates to address multiple vulnerabilities in its EcoStruxure and other industrial products, which could allow attackers to execute arbitrary code, escalate privileges, or cause denial-of-service (DoS) conditions. The flaws, disclosed by Spain’s INCIBE-CERT, affect widely deployed systems in critical infrastructure sectors.

Technical Details of the Vulnerabilities

The vulnerabilities include:

  • CVE-2026-XXXX1 (CVSS 9.1): A remote code execution (RCE) flaw in EcoStruxure Operator Terminal Expert due to improper input validation.
  • CVE-2026-XXXX2 (CVSS 8.8): A privilege escalation vulnerability in EcoStruxure Power Monitoring Expert, stemming from insecure file permissions.
  • CVE-2026-XXXX3 (CVSS 7.5): A DoS vulnerability in Schneider Electric’s Modicon controllers, triggered by malformed network packets.
  • CVE-2026-XXXX4 (CVSS 6.5): An information disclosure flaw in EcoStruxure Building Operation, exposing sensitive configuration data.

These vulnerabilities affect multiple versions of Schneider Electric’s software and firmware, including:

  • EcoStruxure Operator Terminal Expert (versions prior to 3.2.1)
  • EcoStruxure Power Monitoring Expert (versions prior to 9.0.1)
  • Modicon M580 and M340 controllers (firmware versions prior to 3.10)
  • EcoStruxure Building Operation (versions prior to 4.0.3)
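
The version thresholds above can be checked against an asset inventory. The following is an added example, not code from Schneider Electric or INCIBE-CERT: the asset names and installed versions are constructed, and it assumes plain dotted numeric version strings (anything else is flagged for manual review). Versions are compared numerically, because a string comparison would wrongly rank firmware 3.9 above 3.10.

```python
import re

# Fixed-version thresholds from the affected-products list; anything below is affected.
FIXED_IN = {
    "EcoStruxure Operator Terminal Expert": "3.2.1",
    "EcoStruxure Power Monitoring Expert": "9.0.1",
    "Modicon M580": "3.10",
    "Modicon M340": "3.10",
    "EcoStruxure Building Operation": "4.0.3",
}

def parse_version(text):
    """Turn '3.10' or 'v3.2.0' into a tuple of ints; None if unparseable."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", text or "")
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))

def is_older(version, fixed):
    """Numeric compare, zero-padded so 3.2 equals 3.2.0 and 3.9 sorts before 3.10."""
    width = max(len(version), len(fixed))
    padded_version = version + (0,) * (width - len(version))
    padded_fixed = fixed + (0,) * (width - len(fixed))
    return padded_version < padded_fixed

def triage(inventory):
    """Classify each (asset, product, version) row as AFFECTED, OK or REVIEW."""
    results = []
    for asset, product, version in inventory:
        fixed = FIXED_IN.get(product)
        parsed = parse_version(version)
        if fixed is None or parsed is None:
            status = "REVIEW"  # unlisted product or unknown version: check by hand
        elif is_older(parsed, parse_version(fixed)):
            status = "AFFECTED"
        else:
            status = "OK"
        results.append((asset, status))
    return results

# Constructed sample inventory (hypothetical asset names and versions).
SAMPLE_INVENTORY = [
    ("hmi-eng-01", "EcoStruxure Operator Terminal Expert", "3.2"),
    ("pme-srv-01", "EcoStruxure Power Monitoring Expert", "9.0.1"),
    ("plc-line-3", "Modicon M580", "3.9"),
    ("plc-line-4", "Modicon M340", "v3.10"),
    ("bms-core", "EcoStruxure Building Operation", "unknown"),
]
if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Rows marked REVIEW should be treated as unpatched until the installed version is confirmed.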

Impact Analysis

Successful exploitation of these vulnerabilities could have severe consequences for industrial environments, including:

  • Unauthorized control of operational technology (OT) systems, leading to potential physical damage or safety risks.
  • Disruption of critical services, such as power distribution, building management, or manufacturing processes.
  • Data breaches, exposing sensitive operational or configuration data to attackers.

Given the widespread use of Schneider Electric products in energy, water, and manufacturing sectors, these flaws pose a significant risk to critical infrastructure.

Recommendations for Security Teams

Schneider Electric has released patches for all affected products. Security teams are advised to:

  1. Apply updates immediately to mitigate exposure to these vulnerabilities.
  2. Isolate vulnerable systems from untrusted networks until patches are deployed.
  3. Monitor for suspicious activity, particularly in OT environments where Schneider Electric products are deployed.
  4. Review access controls to limit privileges and reduce the attack surface.
  5. Conduct a risk assessment to evaluate potential impacts on industrial operations.

For detailed patch information, refer to Schneider Electric’s official security advisory.

INCIBE-CERT has classified this alert as high severity and urges organizations to prioritize remediation efforts to prevent exploitation.
