ACCORDING to Schneider Electric CPCERT, Schneider Electric is aware of a vulnerability in its SCADAPack x70 RTU products, with the SCADAPack 47xi, SCADAPack 47x and SCADAPack 57x RTUs that provide remote monitoring and control potentially enabling denial of service and loss of confidentiality and integrity if exploited via the Modbus TCP protocol.
The advisory lists CVE-2026-0667, described as CWE-754: Improper Check for Unusual or Exceptional Conditions, and indicates a CVSS v3 base score of 9.8, positioned as CRITICAL. Affected product versions include SCADAPack 57x All Versions and RemoteConnect versions prior to R3.4.2, with fixes published as Version R3.4.2 (Firmware 9.12.2) for SCADAPack 47x/47xi and for RemoteConnect, available from Schneider Electric’s download pages.
If remediation is not applied, mitigations include hardening communications per SCADAPack Security Guidelines section 8.3, network segmentation, RTU firewall usage to block unauthorized access, and disabling the logic debug service. The advisory, released on 17 March 2026, also emphasises securing remote access via VPNs and other industry best practices.