OTPulse

Schneider Electric OFS Server Vulnerability (Update A)

Low Risk · ICS-CERT ICSA-15-141-01A · Feb 21, 2015
Summary

Schneider Electric OPC Factory Server (OFS) v3.5 and earlier contains an insecure library search path vulnerability (CWE-427) that could allow an attacker to execute arbitrary code by placing malicious files in locations that OFS searches during initialization or runtime. This affects all documented versions of OFS v3.5 and earlier variants. No patch has been released by Schneider Electric for this product.

What this means
What could happen
An attacker with network access to the OFS server could execute arbitrary code or modify process configuration files, potentially disrupting energy distribution operations or enabling unauthorized process changes.
Who's at risk
Energy utilities operating Schneider Electric OFS (OPC Factory Server) systems, particularly those using v3.5 and earlier versions for SCADA communications, supervisory control, or real-time data acquisition in generation, transmission, or distribution operations.
How it could be exploited
An attacker on the network could upload or replace insecure files on the OFS server (CWE-427: Untrusted Search Path vulnerability), allowing execution of malicious code that could interfere with SCADA communications or process control.
Prerequisites
  • Network access to the OFS server and its administrative interfaces
  • Ability to write to the OFS installation directory or shared library paths
  • OFS version 3.5 or earlier (all documented versions)
No patch available · Affects critical energy infrastructure · Insecure file path handling (CWE-427) · Older product line with limited update support
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
2 pending · 2 EOL
Product | Affected Versions | Fix Status
OFS: v3.5_with__v7.40 | v3.5 with v7.40 | No fix yet
OFS: v3.5 | v3.5 | No fix yet
OPC Factory Server (OSF): <=3.5 | ≤ 3.5 | No fix (EOL)
OFS v3.5: v7.30 | v7.30 | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to OFS servers using firewall rules; allow only authorized engineering workstations and SCADA systems
  • HARDENING: Implement file integrity monitoring on OFS installation directories to detect unauthorized modifications
  • HARDENING: Review and restrict file permissions on OFS directories to prevent unauthorized write access by non-administrative users
Mitigations - no patch available
The following products have reached End of Life with no planned fix: OPC Factory Server (OSF): <=3.5, OFS v3.5: v7.30. Apply the following compensating controls:
  • HARDENING: Evaluate migration to a newer OPC solution or updated product line if Schneider Electric releases patches or end-of-life alternatives
  • HARDENING: Monitor for suspicious file modifications or unexpected process execution on OFS servers
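
The file integrity monitoring called for above, as an added example that is not part of the advisory or of any Schneider Electric tooling: it hashes the loadable files under a directory and reports added, removed and modified ones, since a library that newly appears in a searched directory is what CWE-427 abuse looks like on disk. The directory is a constructed stand-in (the advisory gives no install path) and the extension list is an assumption.

```python
"""File-integrity baseline for a directory an application searches for libraries."""
import hashlib
import json
import tempfile
from pathlib import Path

# Extensions Windows can load or execute from a search path (assumed list; extend as needed).
LOADABLE = {".dll", ".exe", ".ocx", ".sys"}


def snapshot(root):
    """Map each loadable file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in LOADABLE:
            rel = path.relative_to(root).as_posix()
            result[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result


def compare(baseline, current):
    """Diff two snapshots; 'added' covers libraries that were not there at baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in shared if baseline[k] != current[k]),
    }


def demo():
    """Constructed data: baseline a stand-in install directory, then change it."""
    with tempfile.TemporaryDirectory() as tmp:
        install = Path(tmp) / "ofs_install"  # placeholder, not the real OFS path
        (install / "bin").mkdir(parents=True)
        (install / "bin" / "server.exe").write_bytes(b"original server image")
        (install / "bin" / "driver.dll").write_bytes(b"original driver")
        (install / "readme.txt").write_text("not loadable, so not tracked")
        baseline = json.loads(json.dumps(snapshot(install)))  # round trip, as if stored
        (install / "bin" / "driver.dll").write_bytes(b"changed driver")
        (install / "unexpected.dll").write_bytes(b"file absent from baseline")
        return compare(baseline, snapshot(install))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep the stored baseline off the OFS host, so that an account able to write to the install directory cannot also rewrite the reference hashes.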