Path Traversal Vulnerability (CVE‑2026‑6865) in Schneider Electric EasyLogic T150 & Saitel DP RTUs Allows Unauthorized File Access
What It Is — CISA’s advisory (ICS‑A‑26‑169‑04) details a CWE‑22 path‑traversal flaw in the firmware of Schneider Electric EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Terminal Units. An attacker who can supply a crafted file‑path can read files outside the intended directory, potentially exposing configuration data, credentials, or operational logs.
Exploitability — CVSS v3 7.1 (High). No public exploit code is known, but the vulnerability is exploitable remotely via the device’s management interface; successful exploitation grants unauthorized file read.
Affected Products — Schneider Electric EasyLogic T150 (≤ v11.06.31) and Saitel DP (≤ v11.06.36) RTU firmware.
Why It Matters for Compliance & Audit Readiness
- SOC 2 auditors expect documented evidence that OT assets are tracked, patched, and that file‑system boundaries are enforced (CC6.1 System Operations, CC7.1 Change Management).
- Continuous control monitoring of firmware versions and file‑access logs provides a defensible audit trail and demonstrates due‑diligence to customers in regulated sectors (energy, critical manufacturing).
- Mapping this vulnerability to your control framework helps you prove that you have “reasonable” safeguards against unauthorized data exposure, a key requirement for many enterprise contracts.
Recommended Actions
- Inventory every EasyLogic T150 and Saitel DP unit and confirm firmware is newer than v11.06.31/36.
- Apply Schneider Electric’s security patch or upgrade to the latest firmware immediately.
- Harden the management interface: enforce strict input validation, restrict network access to trusted IP ranges, and enable logging of file‑access attempts.
- Integrate firmware version and log collection into your continuous compliance platform to generate SOC 2 evidence automatically.
Source: CISA Advisory ICS‑A‑26‑169‑04