Treck TCP/IP Vulnerabilities (Ripple20)

6 August 2020

Overview

Schneider Electric is aware of multiple vulnerabilities affecting Treck Inc.’s embedded TCP/IP stack, collectively known as Ripple20, which Treck disclosed publicly on June 16. The vulnerabilities range in severity and therefore have varying levels of risk.

Schneider Electric continues to assess how the newly disclosed vulnerabilities affect its offers. The company will continue to update this notification as additional offer-specific information becomes available.

Customers should immediately ensure they have implemented cybersecurity best practices across their operations to protect themselves from possible exploitation of these vulnerabilities. Where appropriate, this includes locating their industrial systems and remotely accessible devices behind firewalls; installing physical controls to prevent unauthorized access; preventing mission-critical systems and devices from being accessed from outside networks; and following the remediation and general security recommendations below.

For additional information and support, please contact your Pro-face sales or service representative or Pro-face Customer support.

Affected Products & Remediations

Schneider Electric has determined that the following offers are impacted. The company will update this table as it continues to assess the impact these vulnerabilities have on its offers.

Notification in Schneider Electric

All of Pro-face HMI products are not affected this vulnerability