Schneider Electric CitectSCADA Products Exception Handler Vulnerability (Update A)
Low Risk · ICS-CERT ICSA-13-350-01A · Sep 18, 2013
Summary
An unhandled exception vulnerability exists in the exception handler of Schneider Electric CitectSCADA and related SCADA products. The vulnerability affects multiple versions of Vijeo Citect, CitectSCADA, StruxureWare PowerSCADA Expert, PowerLogic SCADA, and StruxureWare SCADA Expert. CWE-248 (Uncaught Exception) indicates that the application fails to properly handle exceptions, which could allow an attacker to trigger crashes or potentially achieve code execution. No fix is available for any of the affected product versions.
What this means
What could happen
An unhandled exception in the CitectSCADA exception handler could allow an attacker to crash the SCADA application or potentially execute commands on the engineering workstation or server, disrupting visibility and control of energy infrastructure.
Who's at risk
Energy utilities and industrial facilities using Schneider Electric CitectSCADA, Vijeo Citect, StruxureWare SCADA Expert, StruxureWare PowerSCADA Expert, or PowerLogic SCADA platforms for supervisory control and monitoring of power distribution, generation, and other critical infrastructure. This affects engineering workstations and SCADA application servers.
How it could be exploited
An attacker with network access to a CitectSCADA application server or engineering workstation could send a specially crafted network request or input that triggers an unhandled exception in the exception handler. This could crash the application or, depending on the exception handling mechanism, potentially allow code execution in the context of the SCADA process.
Prerequisites
- Network access to CitectSCADA application server or engineering workstation
- CitectSCADA application must be running and accepting network connections
Key points:
- No patch available for multiple affected products
- Remotely exploitable if the SCADA server is network-accessible
- Low-complexity attack
- Affects visibility and control of critical energy infrastructure
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (5), all end-of-life (EOL)
Product | Affected Versions | Fix Status
StruxureWare SCADA Expert Vijeo Citect | v7.40 | No fix (EOL)
Vijeo Citect | ≥ v7.20 and < v7.30SP1 | No fix (EOL)
CitectSCADA | ≥ v7.20 and < v7.30SP1 | No fix (EOL)
StruxureWare PowerSCADA Expert | ≥ v7.30 and < v7.30SR1 | No fix (EOL)
PowerLogic SCADA | ≥ v7.20 and < v7.20SR1 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate CitectSCADA systems on a separate network segment with access controls; restrict network connectivity to engineering workstations and authorized monitoring systems only
WORKAROUND: Implement firewall rules to restrict inbound network access to CitectSCADA servers to known trusted hosts and ports
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Monitor for application crashes and unhandled exceptions in CitectSCADA event logs; alert on sudden terminations of the SCADA process
Long-term hardening
HOTFIX: Evaluate feasibility of upgrading to supported versions of CitectSCADA (v7.30SP1 or later for Vijeo Citect/CitectSCADA, v7.30SR1 for StruxureWare PowerSCADA Expert, v7.20SR1 for PowerLogic SCADA) during maintenance windows
CVEs (1)
API: /api/v1/advisories/e70f63e6-f329-41d9-9196-b37a2b7e0ac3