Skip to main content

Saitel Dp Remote Terminal Unit Controller

3 CVEs product

Monthly

CVE-2026-9651 MEDIUM CISA This Month

Incorrect file permission assignment on Schneider Electric EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Terminal Units exposes password hashes stored in system files to unauthorized reading by privileged local users. An attacker who has already obtained privileged local access to the RTU can read these improperly protected files, extract credential hashes, and perform offline cracking to achieve account compromise. No public exploit code exists at time of analysis, and the vulnerability has not been listed in CISA KEV, but the high confidentiality impact on credential material in OT/ICS environments warrants attention.

Authentication Bypass Easylogic T150 Formerly Saitel Dr Remote Terminal Unit Controller Saitel Dp Remote Terminal Unit Controller
NVD
CVSS 4.0
6.7
EPSS
0.1%
CVE-2026-9650 HIGH CISA Act Now

Credential exposure in Schneider Electric EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Terminal Units & Controllers allows an unauthenticated attacker to recover credentials that are insufficiently protected within device firmware or system files (CWE-522). The recovered credentials can then be used to fully compromise the device when the attacker also has physical access. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; vendor advisory SEVD-2026-160-02 covers the affected OT products.

Authentication Bypass Easylogic T150 Formerly Saitel Dr Remote Terminal Unit Controller Saitel Dp Remote Terminal Unit Controller
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-6865 HIGH CISA This Week

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing.

Authentication Bypass Path Traversal Easylogic T150 Formerly Saitel Dr Remote Terminal Unit Controller Saitel Dp Remote Terminal Unit Controller
NVD
CVSS 4.0
7.1
EPSS
0.1%
EPSS 0% CVSS 6.7
MEDIUM This Month

Incorrect file permission assignment on Schneider Electric EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Terminal Units exposes password hashes stored in system files to unauthorized reading by privileged local users. An attacker who has already obtained privileged local access to the RTU can read these improperly protected files, extract credential hashes, and perform offline cracking to achieve account compromise. No public exploit code exists at time of analysis, and the vulnerability has not been listed in CISA KEV, but the high confidentiality impact on credential material in OT/ICS environments warrants attention.

Authentication Bypass Easylogic T150 Formerly Saitel Dr Remote Terminal Unit Controller Saitel Dp Remote Terminal Unit Controller
NVD
EPSS 0% CVSS 8.7
HIGH Act Now

Credential exposure in Schneider Electric EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Terminal Units & Controllers allows an unauthenticated attacker to recover credentials that are insufficiently protected within device firmware or system files (CWE-522). The recovered credentials can then be used to fully compromise the device when the attacker also has physical access. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; vendor advisory SEVD-2026-160-02 covers the affected OT products.

Authentication Bypass Easylogic T150 Formerly Saitel Dr Remote Terminal Unit Controller Saitel Dp Remote Terminal Unit Controller
NVD
EPSS 0% CVSS 7.1
HIGH This Week

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing.

Authentication Bypass Path Traversal Easylogic T150 Formerly Saitel Dr Remote Terminal Unit Controller +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy