Schneider Electric is aware of multiple vulnerabilities affecting TCP/ITreck Inc.’s embedded TCP/IP stack, collectively known as Ripple20, which Treck disclosed publicly on June 16.
The vulnerabilities range in severity and therefore have varying levels of risk. Schneider Electric continues to assess how the newly disclosed vulnerabilities affect its offers.
The company will continue to update this notification as additional offer-specific information becomes available.
Customers should immediately ensure they have implemented cybersecurity best practices across their operations to protect themselves from possible exploitation of these vulnerabilities.
Where appropriate, this includes locating their industrial systems and remotely accessible devices behind firewalls; installing physical controls to prevent unauthorized access; preventing mission-critical systems and devices from being accessed from outside networks; and following the remediation and general security recommendations below.
Schneider Electric has determined that the following offers are impacted. The companywill update this table as it continues to assess the impact these vulnerabilities have on its offers. Please subscribe to the Schneider Electric security notification service to be informed of critical updates to this notification, including information on affected products and remediation plans: