PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-0667 Schneider Electric CVE debrief

Schneider Electric and CISA describe CVE-2026-0667 as a critical CWE-754 improper-check flaw affecting SCADAPack 47x/47xi and RemoteConnect when communicating over Modbus TCP. The vendor says the issue could lead to arbitrary code execution, denial of service, and loss of confidentiality and integrity, and recommends upgrading to the fixed releases or applying OT segmentation, RTU firewall restrictions, and disabling the logic debug service.

Vendor: Schneider Electric
Product: SCADAPack™
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-10
Original CVE updated: 2026-03-17
Advisory published: 2026-02-10
Advisory updated: 2026-03-17

Who should care

OT/ICS operators, plant engineers, and security teams running Schneider Electric SCADAPack 47x/47xi or RemoteConnect, especially where Modbus TCP is reachable from less-trusted networks.

Technical summary

The advisory identifies a CWE-754 improper check for unusual or exceptional conditions in Modbus TCP handling. According to the source, this can affect confidentiality, integrity, and availability, and may permit arbitrary code execution or denial of service. Vendor-fixed releases are SCADAPack 47x/47xi firmware 9.12.2 on SCADAPack 47x/47xi version R3.4.2, and RemoteConnect R3.4.2.

Defensive priority

Critical. Prioritize patching or controlled upgrade planning immediately, then reduce exposure with network segmentation and service hardening if remediation will be delayed.

Recommended defensive actions

  • Upgrade SCADAPack 47x/47xi to firmware 9.12.2 on R3.4.2.
  • Upgrade RemoteConnect to R3.4.2.
  • If you cannot remediate immediately, follow the SCADAPack Cybersecurity Guide section 8.3 on secured communication.
  • Segment OT networks and use the RTU firewall service to block unauthorized access to services.
  • Disable the logic debug service where it is not required.
  • Verify asset inventory for affected SCADAPack and RemoteConnect deployments and prioritize reachable Modbus TCP paths.
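
One way to run the inventory check in the last item, added here as an example (not code from Schneider Electric, CISA or PatchSiren). It assumes any version below the fixed release needs the upgrade, since the affected range is not stated above; the CSV columns, zone names and sample rows are constructed.

```python
import csv
import io

# Fixed releases as stated in this debrief (SCADAPack value is the firmware version).
FIXED = {
    "SCADAPack 47x": (9, 12, 2),
    "SCADAPack 47xi": (9, 12, 2),
    "RemoteConnect": (3, 4, 2),  # R3.4.2
}
# Assumption: the only zone that should reach Modbus TCP on these assets.
TRUSTED_ZONES = {"ot-control"}

# Constructed sample inventory; column names are hypothetical.
SAMPLE_INVENTORY = """asset,product,version,modbus_tcp_reachable_from
rtu-pump-01,SCADAPack 47x,9.11.0,corporate
rtu-pump-02,SCADAPack 47xi,9.12.2,ot-control
eng-ws-03,RemoteConnect,R3.3.1,ot-control
rtu-tank-04,SCADAPack 47x,9.10.4,ot-control
rtu-lift-05,SCADAPack 47x,unknown,dmz
hmi-06,OtherVendor HMI,1.0,corporate
"""

def parse_version(text):
    """Turn '9.12.2' or 'R3.4.2' into (9, 12, 2); return None if unparseable."""
    parts = text.strip().lstrip("Rr").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Return (priority, asset, status, zone) tuples, most urgent first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["product"])
        if fixed is None:
            continue  # product not covered by this advisory
        version = parse_version(row["version"])
        if version is not None and version >= fixed:
            continue  # already at or above the fixed release
        # An unreadable version is kept as a finding rather than assumed safe.
        status = "unknown-version" if version is None else "needs-upgrade"
        zone = row["modbus_tcp_reachable_from"]
        priority = 2 if zone in TRUSTED_ZONES else 1  # 1 = reachable from less-trusted zone
        findings.append((priority, row["asset"], status, zone))
    return sorted(findings)

if __name__ == "__main__":
    for priority, asset, status, zone in triage(SAMPLE_INVENTORY):
        print(f"P{priority} {asset:<12} {status:<16} Modbus TCP reachable from: {zone}")
```
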

Evidence notes

CISA's CSAF advisory ICSA-26-076-02, republished from Schneider Electric's SEVD-2026-041-01 notice, lists affected SCADAPack 47x and 47xi firmware / R3.4.2 combinations and RemoteConnect, describes the flaw as CWE-754 over Modbus TCP, and provides vendor fixes plus mitigations. The advisory revision history shows the initial release on 2026-02-10 and CISA republication on 2026-03-17.

Official resources

Initial public advisory date: 2026-02-10; CISA republication/update date: 2026-03-17.