A severe credential protection flaw in the Schneider Electric EasyLogic T150 controller allows unauthenticated attackers to gain unauthorized access to sensitive firmware or system files.

This vulnerability (CWE-522) involves the storage of credentials in an insufficiently protected manner within the device firmware. An unauthenticated attacker can exploit this to extract sensitive authentication data, gaining unauthorized access to the controller.

The ability for an unauthenticated attacker to extract credentials from an industrial controller poses a severe risk to operational technology (OT) environments. With a CVSS score of 8.7, this vulnerability could lead to total system compromise, unauthorized configuration changes, or the disruption of critical industrial processes, posing significant safety and operational risks.

Immediate Action: Update the firmware of all affected EasyLogic T150 controllers to the latest version provided by the manufacturer.

Proactive Monitoring: Monitor network traffic for unauthorized access attempts to the controller interface and review system logs for signs of credential harvesting.

Compensating Controls: Isolate the controllers on a restricted management network with strict access control lists (ACLs) to prevent unauthorized network access.

Public Exploit Available: false

Given the critical nature of industrial control systems, this vulnerability requires immediate attention. Organizations must identify all deployed EasyLogic T150 units and apply the vendor-provided firmware update as a matter of urgency to prevent potential remote exploitation and unauthorized access to industrial operations.