Schneider Electric Trio Q Licensed Data Radios Insecure Storage of Sensitive Information Vulnerability

A vulnerability allowing insecure storage of sensitive information has been identified in Schneider Electric's Trio Q Licensed Data Radios, specifically in versions prior to v2.7.2. This vulnerability could lead to unauthorized access to confidential data. It arises when a malicious user with physical access and advanced knowledge of the filesystem resets the radio to factory default mode.

Impact

Exploitation of this vulnerability could result in unauthorized access to confidential data, potentially leading to a loss of confidentiality.

Remediation

Users of the Trio Q Licensed Data Radio should upgrade to version v2.7.2, which includes fixes for this vulnerability. The update is available for download from the Schneider Electric website. Instructions for updating the firmware can be found in the Trio Q Data Radio User Manual. For those who choose not to apply the update, it is recommended to secure the radios in a location that prevents physical access by unauthorized individuals and to verify the firmware version using the hash provided with the release notes.