OTPulse

Schneider Electric StruxureWare SCADA Expert ClearSCADA Parsing Vulnerability

Low Risk · ICS-CERT ICSA-14-072-01 · Dec 14, 2014
Summary

Schneider Electric ClearSCADA contains a parsing vulnerability (CWE-119: improper restriction of operations within the bounds of a memory buffer) that could lead to application crash or unexpected behavior. The vulnerability affects multiple versions of ClearSCADA 2010 R2 through R3.1 and SCADA Expert ClearSCADA 2013 R1 through R2. No patches are available for any affected version.

What this means
What could happen
A parsing error in ClearSCADA could allow an attacker to crash the SCADA application or trigger unexpected behavior, potentially disrupting real-time monitoring and control of energy infrastructure.
Who's at risk
Energy operators using Schneider Electric ClearSCADA 2010 or 2013 versions should be concerned. This affects central SCADA servers that monitor and control power distribution, generation, and related infrastructure. Any organization running these legacy ClearSCADA versions needs to assess their risk and implement compensating controls.
How it could be exploited
An attacker with network access to the ClearSCADA application could send specially crafted input or network packets that trigger a buffer overflow or memory handling error in the parsing routine. This could crash the application or cause it to execute unintended code.
Prerequisites
  • Network access to the ClearSCADA application or its communication ports
  • Ability to send malformed input to the parsing function (may require some knowledge of the protocol or data format)
Buffer overflow vulnerability · No patch available · Affects SCADA monitoring and control systems · Legacy unsupported software
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (9)
9 EOL
Product | Affected Versions | Fix Status
ClearSCADA 2010 R2: Build_71.4165 | Build 71.4165 | No fix (EOL)
ClearSCADA 2010 R2.1: Build_71.4325 | Build 71.4325 | No fix (EOL)
ClearSCADA 2010 R3: Build_72.4560 | Build 72.4560 | No fix (EOL)
ClearSCADA 2010 R3.1: Build_72.4644 | Build 72.4644 | No fix (EOL)
SCADA Expert ClearSCADA 2013 R1: Build_73.4729 | Build 73.4729 | No fix (EOL)
SCADA Expert ClearSCADA 2013 R2: Build_74.5094 | Build 74.5094 | No fix (EOL)
SCADA Expert ClearSCADA 2013 R1.1: Build_73.4832 | Build 73.4832 | No fix (EOL)
SCADA Expert ClearSCADA 2013 R1.1a: Build_73.4903 | Build 73.4903 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Deploy firewall rules to limit inbound connections to ClearSCADA ports from trusted networks only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor ClearSCADA application logs for unexpected crashes or errors that may indicate exploitation attempts
HOTFIX: Consider upgrading to a newer version of ClearSCADA if available, as this version line is no longer receiving patches
Mitigations - no patch available
The following products have reached End of Life with no planned fix: ClearSCADA 2010 R2: Build_71.4165, ClearSCADA 2010 R2.1: Build_71.4325, ClearSCADA 2010 R3: Build_72.4560, ClearSCADA 2010 R3.1: Build_72.4644, SCADA Expert ClearSCADA 2013 R1: Build_73.4729, SCADA Expert ClearSCADA 2013 R2: Build_74.5094, SCADA Expert ClearSCADA 2013 R1.1: Build_73.4832, SCADA Expert ClearSCADA 2013 R1.1a: Build_73.4903, SCADA Expert ClearSCADA 2013 R1.2: Build_73.4955. Apply the following compensating controls:
HARDENING: Implement network segmentation to restrict access to ClearSCADA servers to only authorized engineering and operations workstations