December 18, 2018

The NCCIC has updated this advisory with additional information on mitigation measures. NCCIC/ICS-CERT.

May 3, 2018

The NCCIC has updated this advisory with additional details on technical details, mitigation measures, and the NCCIC’s own recommendations. NCCIC/ICS-CERT.

April 17, 2018

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Schneider Electric Triconex Tricon. MP model 3008 firmware versions 10.0-10.4 are affected. Successful exploitation of these vulnerabilities could misinform or control the Safety Instrumented System which could result in arbitrary code execution, system shutdown, or the compromise of safety systems. Schneider Electric recommends that customers upgrade their firmware to the latest 11.x version. The NCCIC/ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.