HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Path Traversal Vulnerability (CVE‑2026‑6865) in Schneider Electric EasyLogic T150 & Saitel DP RTUs Risks Unauthorized File Access

CISA has flagged CVE‑2026‑6865, a path‑traversal bug in Schneider Electric EasyLogic T150 and Saitel DP remote terminal units. Exploitation could expose configuration files and credentials, prompting organizations to verify firmware versions and tighten file‑access controls to stay audit‑ready.

LiveThreat™ Intelligence · 📅 June 18, 2026· 📰 cisa.gov
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
cisa.gov

Path Traversal Vulnerability (CVE‑2026‑6865) in Schneider Electric EasyLogic T150 & Saitel DP RTUs Allows Unauthorized File Access

What It Is — CISA’s advisory (ICS‑A‑26‑169‑04) details a CWE‑22 path‑traversal flaw in the firmware of Schneider Electric EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Terminal Units. An attacker who can supply a crafted file‑path can read files outside the intended directory, potentially exposing configuration data, credentials, or operational logs.

Exploitability — CVSS v3 7.1 (High). No public exploit code is known, but the vulnerability is exploitable remotely via the device’s management interface; successful exploitation grants unauthorized file read.

Affected Products — Schneider Electric EasyLogic T150 (≤ v11.06.31) and Saitel DP (≤ v11.06.36) RTU firmware.

Why It Matters for Compliance & Audit Readiness

  • SOC 2 auditors expect documented evidence that OT assets are tracked, patched, and that file‑system boundaries are enforced (CC6.1 System Operations, CC7.1 Change Management).
  • Continuous control monitoring of firmware versions and file‑access logs provides a defensible audit trail and demonstrates due‑diligence to customers in regulated sectors (energy, critical manufacturing).
  • Mapping this vulnerability to your control framework helps you prove that you have “reasonable” safeguards against unauthorized data exposure, a key requirement for many enterprise contracts.

Recommended Actions

  • Inventory every EasyLogic T150 and Saitel DP unit and confirm firmware is newer than v11.06.31/36.
  • Apply Schneider Electric’s security patch or upgrade to the latest firmware immediately.
  • Harden the management interface: enforce strict input validation, restrict network access to trusted IP ranges, and enable logging of file‑access attempts.
  • Integrate firmware version and log collection into your continuous compliance platform to generate SOC 2 evidence automatically.

Source: CISA Advisory ICS‑A‑26‑169‑04

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-04

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →