CISA 2026-06-30

Schneider Electric EasyLogic T150 and Saitel DP RTU

Machine-generated analysis · WAYSCloud LLM

Credentials are stored in firmware or system files without authentication requirements, exposing them to unauthenticated access.

Context

The advisory covers Schneider Electric EasyLogic T150 and Saitel DP RTU, which are remote terminal units used in industrial control systems. The advisory states that affected devices store credentials in firmware or system files without sufficient protection, allowing unauthenticated attackers to access sensitive information. This issue affects multiple versions, with the highest CVSS score of 7.5. The advisory notes physical access may be required for subsequent device compromise after credential exposure.

Operator considerations

Check: Inventory devices running EasyLogic T150 or Saitel DP RTU firmware versions listed as affected.
Patch: Apply vendor-released fixes or implement vendor-recommended workarounds for CVE-2026-9650.
Isolate: Restrict physical access to devices to prevent unauthorized retrieval of stored credentials.

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of these vulnerabilities can allow an attacker to cause unauthorized access and exposure of sensitive information when the unauthenticated attacker accesses credentials stored within firmware or system files.

The following versions of Schneider Electric EasyLogic T150 and Saitel DP RTU are affected:

EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller

Read the full advisory on CISA →