Schneider Electric Enerlin'X IFE and eIFE Improper Input Validation Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Schneider Electric's Enerlin'X IFE and Enerlin'X eIFE products, all versions. This vulnerability arises from improper input validation, allowing malicious IPv6 packets to disrupt the device's operation. The attack causes the IEC61850 services of the affected products to become unavailable, requiring a manual reboot to restore functionality.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the IEC61850 services of the IFE and eIFE products to become unavailable. This disruption requires a manual reboot to restore normal operation.

Remediation

Users can upgrade to version 004.010.000 of Enerlin'X IFE and eIFE, which includes a fix for this vulnerability. The latest version can be downloaded using the EcoStruxure Power Commission tool. For those who cannot apply the update, it is recommended to use the devices in a protected environment, minimize network exposure, and implement network segmentation and firewall rules to block unauthorized access to the product's ports.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.