Schneider Updates IGSS SCADA Software

Wednesday, February 14, 2018 @ 11:02 AM gHale

Schneider Electric has new software to mitigate a security misconfiguration in its IGSS SCADA Software, according to a report with ICS-CERT.

IGSS SCADA Software V12 and all previous versions suffer from the locally exploitable vulnerability, discovered by Ivan Sanchez of Nullcode.

RELATED STORIES
Wago Fixes PFC200 Series
NXP Updates Fix for RTOS
New Firmware for Fuji V-Server VPR
3S-Smart Software Patch Ready

Successful exploitation of this vulnerability could cause the device the attacker is accessing to crash or execute arbitrary code.

Schneider Electric has provided IGSS SCADA Software V13 to address this vulnerability.

No known public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable. In addition, an attacker would need high skill level to leverage the vulnerability.

Memory protection settings such as address space layout randomization (ASLR) and data execution prevention (DEP) are not properly implemented.

CVE-2017-9967 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.0.

The product sees use in the commercial facilities, critical manufacturing, and energy sectors. It also sees action on a global basis.



Leave a Reply

You must be logged in to post a comment.