Schneider Electric Wonderware System Platform Vulnerabilities
Low RiskICS-CERT ICSA-15-169-02Mar 21, 2015
Summary
Schneider Electric Wonderware System Platform 2014 R2 and earlier contain an insecure library loading vulnerability (CWE-427) that could allow an attacker to execute arbitrary code on the system.
What this means
What could happen
An attacker could execute arbitrary code on the Wonderware System Platform, potentially compromising SCADA/HMI visibility and control of industrial processes across the energy sector.
Who's at risk
Energy sector operators who rely on Wonderware System Platform 2014 for SCADA/HMI control and monitoring, particularly those using early versions (R2 and earlier) for critical industrial automation and process supervision.
How it could be exploited
An attacker with local or network access to the Wonderware System Platform could exploit an insecure library loading mechanism to load a malicious library and execute arbitrary code with the privileges of the application.
Prerequisites
- Local or network access to the Wonderware System Platform
- Ability to place a malicious library in a location where the application searches for dependencies
no patch availableinsecure library loading vulnerabilityaffects SCADA/HMI systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
Wonderware System Platform 2014: <=R2≤ R2No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2HARDENINGRestrict local and network access to the Wonderware System Platform server using host-based firewalls and network segmentation
WORKAROUNDDisable or remove any unnecessary library search paths from the Wonderware application configuration
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpgrade Wonderware System Platform beyond version 2014 R2 if possible; however, verify that no patch is available from Schneider Electric before planning upgrade
Mitigations - no patch available
0/1Wonderware System Platform 2014: <=R2 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement strict file integrity monitoring on the Wonderware System Platform server to detect unauthorized library modifications
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/7b507197-7bc7-47b3-ab5e-0a95d9c7683b