OTPulse

Schneider Electric Wonderware Intelligence Security Patch for OpenSSL Vulnerability

Act Now | ICS-CERT ICSA-14-135-02 | Feb 15, 2014
Summary

Tableau Server versions 8.0.6 through 8.0.9 and 8.1.0 through 8.1.5 contain an OpenSSL buffer overflow vulnerability (CWE-119) that allows remote code execution without authentication. This is an actively exploited vulnerability affecting energy sector analytics infrastructure. No patched version is available from the vendor; users must upgrade to a version outside these ranges or discontinue use of the affected software.

What this means
What could happen
An attacker who gains access to a vulnerable Tableau Server could execute arbitrary code on the system, potentially compromising data analytics infrastructure and access to operational dashboards that monitor critical energy systems.
Who's at risk
Energy sector organizations running Tableau Server for analytics and reporting on SCADA data, historian databases, or operational dashboards. This includes utilities using Tableau to visualize real-time or historical operational metrics from DCS and SCADA systems.
How it could be exploited
An attacker could exploit an OpenSSL buffer overflow vulnerability (CWE-119) in Tableau Server through network-accessible SSL/TLS communications without requiring authentication, allowing remote code execution on the Tableau Server process and underlying system.
Prerequisites
  • Network access to Tableau Server SSL/TLS port (typically 443 or 8443)
  • No authentication required
  • remotely exploitable
  • no authentication required
  • actively exploited (KEV)
  • high EPSS score (94.5%)
  • no patch available
  • buffer overflow (memory corruption)
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (2)
2 pending

Product                            Affected Versions    Fix Status
Tableau Server: >=8.0.6|<=8.0.9    ≥ 8.0.6|≤ 8.0.9      No fix yet
Tableau Server: >=8.1.0|<=8.1.5    ≥ 8.1.0|≤ 8.1.5      No fix yet
Remediation & Mitigation
Do now
  • HARDENING: Isolate Tableau Server from external networks and implement network segmentation so only authorized analytics workstations and SCADA historian systems can access it
  • WORKAROUND: Implement firewall rules to restrict inbound connections to Tableau Server to only necessary internal sources and block all external direct access
  • WORKAROUND: Monitor Tableau Server logs and network traffic for suspicious SSL/TLS connection attempts and exploitation patterns
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Discontinue use of affected Tableau Server versions (8.0.6-8.0.9 and 8.1.0-8.1.5) and migrate to a newer, patched version when possible
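
The following is an added example, not part of the advisory or any vendor tooling. It shows one way to combine the affected-version ranges with the segmentation guidance above: find servers in an inventory that fall in the affected ranges, then list flows reaching their SSL/TLS ports from sources outside the authorized networks. The function names, addresses, inventory and flow tuples are constructed for illustration, and versions are assumed to be dotted numeric strings.

```python
import ipaddress

# Affected ranges as stated in the advisory (inclusive on both ends).
AFFECTED_RANGES = [((8, 0, 6), (8, 0, 9)), ((8, 1, 0), (8, 1, 5))]
TLS_PORTS = {443, 8443}  # ports the advisory lists as typical

def parse_version(text):
    """Turn '8.1.10' into (8, 1, 10) so comparison is numeric, not lexical."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad '8.1' to (8, 1, 0)

def is_affected(version):
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)

def unauthorized_flows(inventory, flows, allowed_nets):
    """Flows that reach an affected server's TLS port from outside the allowlist."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    affected = {host for host, ver in inventory.items() if is_affected(ver)}
    hits = []
    for src, dst, port in flows:
        if dst not in affected or port not in TLS_PORTS:
            continue
        if not any(ipaddress.ip_address(src) in net for net in nets):
            hits.append((src, dst, port))
    return hits

# Constructed sample data (hypothetical hosts, not taken from the advisory).
INVENTORY = {"10.20.0.5": "8.1.5", "10.20.0.6": "8.1.10", "10.20.0.7": "8.0.6"}
ALLOWED = ["10.20.1.0/24", "10.30.0.8/32"]  # analytics workstations, historian
FLOWS = [
    ("10.20.1.14", "10.20.0.5", 443),   # authorized workstation
    ("203.0.113.9", "10.20.0.5", 443),  # external source, affected server
    ("203.0.113.9", "10.20.0.6", 443),  # 8.1.10 is outside the affected range
    ("10.40.2.2", "10.20.0.7", 8443),   # internal but not on the allowlist
    ("10.40.2.2", "10.20.0.7", 22),     # not a TLS port named in the advisory
]

if __name__ == "__main__":
    for flow in unauthorized_flows(INVENTORY, FLOWS, ALLOWED):
        print("policy violation: %s -> %s:%d" % flow)
```

Comparing versions as integer tuples matters here: as plain strings, "8.1.10" sorts before "8.1.5" and would be reported as affected.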