Schneider Patches SCADA Hole

Monday, January 21, 2013 @ 01:01 PM gHale


Schneider Electric issued a patch for a buffer overflow vulnerability in its Interactive Graphical SCADA System (IGSS) application, according to a report on ICS-CERT.

All versions of the IGSS application suffer from the remotely exploitable vulnerability. Aaron Portnoy, a researcher at Exodus Intelligence, found the problem and validated that the patch resolves the issue.


An attacker could exploit this vulnerability to trigger a buffer overflow that could allow the attacker to execute code under administrator credentials. IGSS sees use in the renewable energy, process control, monitoring and control, motor controls, lighting controls, electrical distribution, and security system sectors.

Schneider Electric is a US-based company that has offices in 190 countries.

IGSS is a desktop application used to integrate industrial control system (ICS) components from diverse vendors using diverse sets of protocols and integrate their configuration and monitoring functions using IGSS as a single supervisory or human-machine interface (HMI) system.

Vulnerabilities are classified using the Common Weakness Enumeration (CWE); this stack-based buffer overflow is classified as CWE-121.

In addition, IGSS communicates with a broad range of ICS devices using a broad range of protocols over two network ports, 12397/TCP and 12399/TCP by default. Out-of-protocol communication over Port 12397/TCP can cause a buffer overflow condition. Although this overflow can cause the application to crash, an attacker could also apply techniques to take advantage of the buffer overflow and likely execute malicious code with administrator privileges.

CVE-2013-0657 is the number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.

At present, there are no known exploits that specifically target this vulnerability. An attacker with a moderate skill level would be able to exploit it.

Schneider issued two patches for versions V9 and V10 of the IGSS software to address this vulnerability. These patches are available from the Schneider Electric Web site.

Users running older versions of the software should upgrade or employ other mitigation methods. At a minimum, a filter should restrict access to this port to the specific IP addresses of the devices being controlled or monitored.
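The port filter recommended above, written as a Windows Firewall allowlist for the two IGSS ports. This is an added example, not from the ICS-CERT advisory or from Schneider; it assumes the IGSS host runs Windows 8 / Windows Server 2012 or later with the NetSecurity PowerShell module, and the device addresses in it are constructed placeholders.

```powershell
# Added example: restrict inbound access to the IGSS ports (12397/TCP and
# 12399/TCP) to an explicit allowlist of ICS device addresses.
# Assumptions: Windows 8 / Server 2012 or later (NetSecurity module present),
# run from an elevated prompt. The device addresses are constructed sample
# values; replace them with the PLC/RTU addresses IGSS actually controls.
$IgssPorts      = @('12397', '12399')
$AllowedDevices = @('192.0.2.10', '192.0.2.11', '192.0.2.0/28')   # constructed
$RuleName       = 'IGSS-Allowlist-Inbound'

# 1. Reassert the Windows default of blocking unsolicited inbound traffic, so
#    the allow rule created below is the only way to reach the IGSS ports.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 2. Report any enabled inbound allow rule that already opens these ports to
#    any remote address; such a rule would undo the allowlist and needs review.
$broad = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallAddressFilter
        $pf.Protocol -eq 'TCP' -and
        ($pf.LocalPort | Where-Object { $IgssPorts -contains $_ }) -and
        $af.RemoteAddress -eq 'Any'
    }
if ($broad) {
    Write-Warning "Existing rules open the IGSS ports to any address:`n$($broad.DisplayName -join "`n")"
}

# 3. Create (or replace) the allowlist rule: TCP 12397/12399 only from the
#    listed devices. No separate block rule is needed, and adding one would be
#    wrong: Windows Firewall block rules override allow rules.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Protocol TCP -LocalPort $IgssPorts `
    -RemoteAddress $AllowedDevices -Action Allow -Profile Any | Out-Null

# 4. Show the resulting filter so the change can be verified and recorded.
Get-NetFirewallRule -DisplayName $RuleName | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Ports   = ($_ | Get-NetFirewallPortFilter).LocalPort -join ','
        Remote  = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        Enabled = $_.Enabled
    }
}
```

Step 2 only warns; whether to disable a flagged rule depends on what else the IGSS host runs, so that decision is left to the operator.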
