OTPulse

Schneider Electric SCADA Expert ClearSCADA Vulnerabilities (Update A)

Low Risk | ICS-CERT ICSA-14-259-01A | Jun 19, 2014
Summary

ClearSCADA versions 2010, 2013, and 2014 contain multiple vulnerabilities: reflected cross-site scripting (CWE-79) in web interfaces that could execute malicious scripts if users visit attacker-controlled links; authentication bypass or weakness (CWE-287) allowing unauthorized access with weak or default credentials; and weak or outdated cryptographic mechanisms (CWE-327) in data transmission. No vendor patches are available for these legacy versions.

What this means
What could happen
ClearSCADA systems contain multiple vulnerabilities that could allow an attacker with access to the system to execute code, bypass authentication, or compromise the integrity of monitoring and control data. Impacts could range from unauthorized changes to process setpoints to disruption of water distribution or power grid monitoring.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators running Schneider Electric ClearSCADA 2010, 2013, or 2014 versions are affected. This impacts SCADA servers that monitor and control water distribution, power generation, and transmission systems. Legacy systems with no vendor support are at particular risk.
How it could be exploited
An attacker with network access to a ClearSCADA server could exploit reflected cross-site scripting (CWE-79) if a user visits a malicious link, or leverage weak cryptographic practices (CWE-327) in communications. Additionally, authentication weaknesses (CWE-287) could allow unauthorized access if the attacker obtains or cracks credentials, leading to unauthorized monitoring or control of critical infrastructure.
Prerequisites
  • Network access to the ClearSCADA web interface or server
  • Valid credentials or ability to exploit weak authentication mechanisms
  • User interaction to click a malicious link (for XSS exploitation)
Risk factors:
  • No patch available for affected versions
  • Weak authentication mechanisms
  • Vulnerable to reflected cross-site scripting
  • Weak cryptographic practices
  • End-of-life or legacy product with no vendor support
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (9)
9 EOL

Product | Affected Version | Fix Status
ClearSCADA 2010: R3_build_72.4560 | R3 build 72.4560 | No fix (EOL)
ClearSCADA 2010: R3.1_build_72.4644 | R3.1 build 72.4644 | No fix (EOL)
SCADA Expert ClearSCADA 2013: R1_build_73.4729 | R1 build 73.4729 | No fix (EOL)
SCADA Expert ClearSCADA 2014: R1_build_75.5210 | R1 build 75.5210 | No fix (EOL)
SCADA Expert ClearSCADA 2013: R1.1_build_73.4832 | R1.1 build 73.4832 | No fix (EOL)
SCADA Expert ClearSCADA 2013: R1.1a_build_73.4903 | R1.1a build 73.4903 | No fix (EOL)
SCADA Expert ClearSCADA 2013: R1.2_build_73.4955 | R1.2 build 73.4955 | No fix (EOL)
SCADA Expert ClearSCADA 2013: R2_build_74.5094 | R2 build 74.5094 | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Isolate ClearSCADA systems on a segmented network with restricted access from corporate IT and external networks
  • WORKAROUND: Implement firewall rules to restrict network access to ClearSCADA servers to only authorized engineering workstations and critical monitoring terminals
  • HARDENING: Change all default and weak credentials on ClearSCADA instances; enforce strong password policies
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
  • WORKAROUND: Disable or restrict the use of the ClearSCADA web interface if not required for operations; use local console access or VPN with multi-factor authentication instead
Long-term hardening
  • HOTFIX: Plan for migration to a patched version of ClearSCADA or a supported replacement product to address XSS, authentication, and cryptographic vulnerabilities
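An added example, not from the advisory or from Schneider Electric, showing how a defender can verify the firewall allowlist workaround and watch for the reflected cross-site scripting vector described above: it audits access-log lines from a reverse proxy assumed to sit in front of the ClearSCADA web interface. The combined log format, the allowlist network, the paths and the sample lines are all assumptions constructed for this example.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import unquote_plus

# Constructed allowlist of authorized engineering workstations (assumption,
# not a real site configuration).
AUTHORIZED_NETWORKS = [ip_network("10.20.30.0/28")]

# Combined-format access log: client ident user [time] "METHOD path proto" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# Markers typical of reflected-XSS probes once the URL is decoded.
SCRIPT_MARKERS = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, user, method, path, status = m.groups()
    return {"client": client, "user": user, "method": method,
            "path": path, "status": int(status)}


def audit(lines):
    """Return (client, path, reason) findings for every line that violates
    the allowlist or carries a script-like payload in its URL."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than aborting the audit
        src = ip_address(rec["client"])
        if not any(src in net for net in AUTHORIZED_NETWORKS):
            findings.append((rec["client"], rec["path"], "source not in allowlist"))
        if SCRIPT_MARKERS.search(unquote_plus(rec["path"])):
            findings.append((rec["client"], rec["path"], "script-like payload in URL"))
    return findings


# Constructed sample lines; addresses and paths are made up for this example.
SAMPLE_LOG = [
    '10.20.30.5 - eng1 [19/Jun/2014:10:00:01 +0000] "GET /app/index HTTP/1.1" 200 512',
    '192.168.50.9 - - [19/Jun/2014:10:00:07 +0000] "GET /app/index HTTP/1.1" 401 0',
    '10.20.30.7 - eng2 [19/Jun/2014:10:01:13 +0000] '
    '"GET /app/search?q=%3Cscript%3Eprobe%3C%2Fscript%3E HTTP/1.1" 200 880',
]
```

Run `audit(SAMPLE_LOG)` to list the two findings; in production the same function would be fed the proxy's log stream and its findings forwarded to the SOC.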