Schneider Electric ClearSCADA Uncontrolled Resource Consumption Vulnerability
Low RiskICS-CERT ICSA-14-014-01Oct 17, 2014
Summary
ClearSCADA contains an uncontrolled resource consumption vulnerability (CWE-400) in versions 2010 R2 through 2013 R1.1a. A remote attacker can send malformed requests that cause the server to exhaust memory, CPU, or connection resources, leading to denial of service. All affected versions are end-of-life with no vendor patches planned. The vulnerability allows attackers to disrupt SCADA operations without requiring authentication.
What this means
What could happen
An attacker could send specially crafted requests to ClearSCADA, consuming server memory or CPU resources until the SCADA server becomes unresponsive, disrupting monitoring and control of energy infrastructure.
Who's at risk
Energy utilities and operators running Schneider Electric ClearSCADA 2010 or 2013 versions should care. This affects SCADA servers used for monitoring and controlling electric generation, transmission, and distribution systems. Any organization using these end-of-life ClearSCADA versions for critical process control or supervisory monitoring is at risk.
How it could be exploited
An attacker with network access to the ClearSCADA server could send malformed or resource-intensive requests to trigger uncontrolled resource consumption. The vulnerability allows the attacker to exhaust server resources (memory, CPU, or connections) through a denial-of-service attack, rendering the SCADA system unable to respond to legitimate operator commands or monitoring requests.
Prerequisites
- Network access to ClearSCADA server port (typically 502 or web interface port)
- No authentication required to trigger the resource consumption
Remotely exploitableNo authentication requiredNo patch available (end-of-life product)Affects SCADA control systems
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (7)
7 EOL
ProductAffected VersionsFix Status
ClearSCADA 2010 R2: Build_71.4165Build 71.4165No fix (EOL)
ClearSCADA 2010 R2.1: Build_71.4325Build 71.4325No fix (EOL)
ClearSCADA 2010 R3: Build_72.4560Build 72.4560No fix (EOL)
ClearSCADA 2010 R3.1: Build_72.4644Build 72.4644No fix (EOL)
SCADA Expert ClearSCADA 2013 R1: Build_73.4729Build 73.4729No fix (EOL)
SCADA Expert ClearSCADA 2013 R1.1: Build_73.4832Build 73.4832No fix (EOL)
SCADA Expert ClearSCADA 2013 R1.1a: 73.4903|2013|R1.2|73.495573.4903|2013|R1.2|73.4955No fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2HARDENINGRestrict network access to ClearSCADA servers using firewall rules; only permit connections from authorized engineering workstations and authorized remote access points
WORKAROUNDDeploy rate limiting and connection throttling on the ClearSCADA server if available through application settings
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HARDENINGMonitor ClearSCADA server resource usage (CPU, memory, connection count) for anomalies that may indicate an active attack
Mitigations - no patch available
0/2The following products have reached End of Life with no planned fix: ClearSCADA 2010 R2: Build_71.4165, ClearSCADA 2010 R2.1: Build_71.4325, ClearSCADA 2010 R3: Build_72.4560, ClearSCADA 2010 R3.1: Build_72.4644, SCADA Expert ClearSCADA 2013 R1: Build_73.4729, SCADA Expert ClearSCADA 2013 R1.1: Build_73.4832, SCADA Expert ClearSCADA 2013 R1.1a: 73.4903|2013|R1.2|73.4955. Apply the following compensating controls:
HARDENINGImplement network segmentation to isolate ClearSCADA servers from untrusted networks and the internet
HARDENINGPlan migration to a supported version of ClearSCADA or alternative SCADA software, as all affected versions are end-of-life with no patches available
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/560409a8-7eb8-4181-bb62-5b8441f2c7ad