CISA flags CVE-2026-6865 in Schneider T150, Saitel DP

CISA's June 18 republication puts a familiar bad pattern in an unforgiving place: CVE-2026-6865 is CWE-22 path traversal in Schneider Electric EasyLogic T150, formerly Saitel DR, and Saitel DP Remote Terminal Unit and Controller firmware. The flaw can allow unauthorized access to sensitive files when user-supplied input is mishandled during server-side file path processing. The affected versions are EasyLogic T150 firmware through 11.06.31 and Saitel DP firmware through 11.06.36. Schneider Electric says the fixed versions are 11.06.32 and 11.06.37, available through its Customer Care Center, and CISA lists a reboot as required for both.

For the compliance director, this is a high-severity ICS advisory with the usual CISA mitigation language. For the operations team, the operative sentence is shorter: find the RTUs, verify firmware, schedule the reboot. That last step matters. A web application team can patch path traversal during a maintenance release and roll back if the service misbehaves. An energy or critical manufacturing operator has to decide when a remote terminal unit can be restarted without creating a different risk.

If the fix cannot be applied immediately, CISA and Schneider point to strict credential controls, isolation consistent with the product's security recommendations, minimized network exposure for control systems, firewalls between control and business networks, and updated secure remote access such as VPNs. Those controls reduce the blast radius; they do not change the class of bug. Path traversal is not exotic. In production RTU firmware, affecting versions deployed worldwide in energy and critical manufacturing, it is the kind of old problem that becomes operationally new because the device is hard to touch.

CISA says no known public exploitation specifically targeting CVE-2026-6865 has been reported to it. That leaves two practical unknowns: how broadly the vulnerable firmware is deployed in U.S. grid and manufacturing environments, and how quickly Schneider customers can obtain and install the fixed firmware through the support channel. Until those are answered locally, the Monday task is inventory, firmware verification, network exposure review, and a reboot plan that someone in operations has actually signed off on.