Schneider Electric EcoStruxure Operator Terminal Expert (ICSA-20-142-02) – Product Used in the Energy Sector

CISA has published an advisory on SQL injection, path traversal, and argument injection vulnerabilities in Schneider Electric EcoStruxure Operator Terminal Expert. EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) are affected. Successful exploitation of these vulnerabilities could allow unauthorized write access or remote code execution. Schneider Electric recommends users update to EcoStruxure Operator Terminal Expert Version 3.1 Service Pack 1A. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.