Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84475members
353693posts

SAGE RTU ISaGRAF vulnerability mitigation

Power Monitoring and Energy Automation NAM

This forum is created for the exchange of information and open dialogue regarding electrical power monitoring and energy automation products and services. Participants will have access to downloadable material as well as chat opportunities with subject matter experts.

Solved
Michael_Neas
Ensign Ensign
Ensign
0 Likes
1
516

SAGE RTU ISaGRAF vulnerability mitigation

Vulnerability found in SAGE RTU products if using ISaGRAF functionality.  Fix to resolve vulnerability currently scheduled to release by August 2021.  Mitigation instructions are as follows, note that if you are not using ISaGRAF functionality the default is to have all ports disabled and there is no vulnerability.  Also, note that you will need to apply firmware C3414-500-S02K2 or later to apply this mitigation.

If you are using ISaGRAF RLL programs in the SAGE RTU, the ports will be open, and the firewall will be needed to block access to those ports.  If the Firewall rules are employed, you can verify they are working by trying to connect to the RTU with the ISaGRAF development system.  If the Firewall is implemented and working correctly, the ISaGRAF development system will fail to connect.

Firewall rules used to block access to TCP ports 1113 and 1131:

Firewall Screenshot.jpg

Tags (1)

Accepted Solutions
Michael_Neas
Ensign Ensign
Ensign
0 Likes
0
454

Re: SAGE RTU ISaGRAF vulnerability mitigation

SAGE RTU firmware C3414-500-S02K5_P5 has been released to resolve this issue.  Please visit our website to download latest firmware.

See Answer In Context

Tags (1)
1 Reply 1
Michael_Neas
Ensign Ensign
Ensign
0 Likes
0
455

Re: SAGE RTU ISaGRAF vulnerability mitigation

SAGE RTU firmware C3414-500-S02K5_P5 has been released to resolve this issue.  Please visit our website to download latest firmware.

Tags (1)