Schneider Electric is aware of multiple vulnerabilities affecting Treck Inc.’s embedded TCP/IP stack, which Treck disclosed publicly on June 16, 2020. The vulnerabilities range in severity and therefore have varying levels of risk.
Schneider Electric released the following documents that are regularly updated:
A detailed Security Notification lists the Schneider Electric affected products that were identified at the time of publication and includes recommended mitigations.
A detailed Security Notification that focuses on APC by Schneider Electric Network Management Cards (NMC) and products that support or contain an NMC.
A Security Bulletin published on Tuesday, June 16, 2020 to acknowledge awareness of the topic.
Customers should immediately implement cybersecurity best practices across their operations to protect themselves from these vulnerabilities. Please direct all inquiries to Schneider Electric's Customer Care Center.