Schneider Electric Saitel DR RTU
cpe:2.3:h:schneider-electric:saitel_dr:*:*:*:*:*:*:*
- <= 11.06.29
A vulnerability allowing privilege escalation and arbitrary code execution has been identified in Schneider Electric's Saitel DR and Saitel DP Remote Terminal Unit (RTU) products. This vulnerability arises from improper privilege management, where a privileged engineer user with console access can modify a configuration file used by a root-level daemon to execute custom scripts. The issue is present in Saitel DR RTU versions through 11.06.29 and Saitel DP RTU versions through 11.06.34.
Exploitation of this vulnerability could lead to unauthorized privilege escalation and arbitrary code execution, potentially causing a denial-of-service condition and compromising the confidentiality and integrity of the affected device.
Users of the Saitel DR RTU should upgrade to firmware version 11.06.30, which includes a fix for this vulnerability. For the Saitel DP RTU, Schneider Electric is establishing a remediation plan that will be communicated once available. In the meantime, users should limit console access to trusted individuals and enforce a strong password policy.