Critical CVE‑2026‑0667 in Schneider Electric SCADAPack & RemoteConnect RTUs Enables Remote Code Execution
What It Is – Schneider Electric disclosed a critical vulnerability (CVE‑2026‑0667) in its SCADAPack x70 series Remote Terminal Units (RTUs) and RemoteConnect gateway. The flaw is an improper check for unusual conditions in the Modbus TCP stack, allowing an unauthenticated attacker to execute arbitrary code, cause denial‑of‑service, and compromise confidentiality and integrity of the controller.
Exploitability – The vulnerability scores 9.8 (CVSS v3.1), indicating a high likelihood of remote exploitation. Proof‑of‑concept code has been shared publicly, and threat actors are actively scanning for vulnerable devices in the wild.
Affected Products –
- Schneider Electric SCADAPack 47xi, 47x, 57x (firmware < 9.12.2)
- Schneider Electric RemoteConnect gateway (generic version)
TPRM Impact – OT devices that sit in the supply chain of energy utilities, industrial automation integrators, and managed service providers become a direct entry point for attackers. Compromise can cascade to downstream customers, disrupt power distribution, and expose critical process data.
Recommended Actions –
- Patch immediately – Upgrade SCADAPack firmware to 9.12.2 or later and apply the latest RemoteConnect update.
- Network segmentation – Isolate RTUs on dedicated VLANs and restrict Modbus TCP traffic to trusted sources only.
- Access hardening – Enforce strong authentication, disable default credentials, and implement role‑based access controls.
- Monitoring – Deploy IDS/IPS signatures for Modbus anomalies and enable logging of all RTU communications.
- Supply‑chain review – Verify that any third‑party integrators or MSPs managing these devices have applied the remediation.
Source: CISA Advisory – ICSA‑26‑076‑02