Schneider Electric Saitel DR and DP RTUs OS Command Injection Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A command injection vulnerability has been identified in Schneider Electric's Saitel DR and Saitel DP Remote Terminal Units (RTUs), in versions through 11.06.29 for Saitel DR and through 11.06.33 for Saitel DP. This vulnerability, categorized as CWE-78, allows the execution of arbitrary shell commands by injecting commands through the BLMon Console during an SSH session. The issue arises when the netstat command is executed, creating an opportunity for command injection that could lead to unauthorized code execution on the device.

Impact

Exploitation of this vulnerability could result in arbitrary code execution on the affected RTU.

Remediation

Users of Saitel DR RTU should upgrade to firmware version 11.06.30, while Saitel DP RTU users should upgrade to version 11.06.34. Both firmware versions include a fix for this vulnerability. After upgrading, a reboot is required to complete the process. For those who choose not to apply the update, it is recommended to restrict access to the BLMon Console by limiting permissions to a select group of user roles, ensure users have the least privileged role necessary for their tasks, and implement firewall rules to limit SSH access to the device.
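To find which devices still need the upgrade described above, an asset inventory can be checked against the fixed firmware versions. The following is an added example, not Schneider Electric's code or tooling; the CSV layout, host names and the `triage` helper are assumptions made for illustration, and the sample inventory is constructed.

```python
import csv
import io
import re

# First fixed firmware per product line, as stated in the advisory.
FIXED = {"saitel dr": (11, 6, 30), "saitel dp": (11, 6, 34)}

# Constructed sample inventory: hosts and versions are made up for the example.
SAMPLE_INVENTORY = """host,model,firmware
rtu-north-01,Saitel DR,11.06.29
rtu-north-02,Saitel DR,11.06.30
rtu-south-01,Saitel DP,11.06.33
rtu-south-02,Saitel DP,11.07.01
rtu-east-01,saitel  dp,11.6.9
rtu-east-02,Saitel DR,unknown
rtu-west-01,Other RTU,1.0.0
"""

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not in N.N.N form."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip(), flags=re.ASCII)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(model, firmware):
    # Normalise case and whitespace so "saitel  dp" matches "Saitel DP".
    fixed = FIXED.get(" ".join(model.lower().split()))
    if fixed is None:
        return "out-of-scope"          # product not covered by this advisory
    version = parse_version(firmware)
    if version is None:
        return "unknown-verify"        # never assume an unreadable version is safe
    # Compare numerically: as strings, "11.6.9" would sort above "11.06.34".
    return "patched" if version >= fixed else "vulnerable"

def triage(inventory_csv):
    """Map each host in the CSV text to its status for this advisory."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Hosts reported as `vulnerable` or `unknown-verify` are the ones to upgrade or to cover with the BLMon Console and SSH access restrictions listed above.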

Added: Sep 9, 2025, 9:17 PM
Updated: Sep 9, 2025, 9:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 2.9
remediation: 7.9
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.