Primary

Context

Schneider Electric EasyLogic T150 and Saitel DP Path Traversal Vulnerability Allowing Unauthorized File Access

Vulnerability

Patched

A path traversal vulnerability has been identified in Schneider Electric's EasyLogic T150 Remote Terminal Unit & Controller (versions through 11.06.31) and Saitel DP Remote Terminal Unit & Controller (versions through 11.06.36). This vulnerability, classified as CWE-22, arises from improper handling of user-supplied input during server-side file path processing, potentially allowing authenticated users to access sensitive files without authorization.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the affected device.

Remediation

Users of EasyLogic T150 should upgrade to version 11.06.32, while Saitel DP users should upgrade to version 11.06.37. Both updates are available through Schneider Electric's Customer Care Center. A reboot is required after applying the update.

Added: May 12, 2026, 2:22 PM

Updated: May 12, 2026, 2:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

7.9

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

7.9

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Schneider Electric EasyLogic T150 and Saitel DP Path Traversal Vulnerability Allowing Unauthorized File Access

Vulnerability

Impact

Remediation

Affected Products

Schneider Electric EasyLogic T150

Schneider Electric Saitel DP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating