Schneider Electric Interactive Graphical SCADA System Software
Monitor6.8ICS-CERT ICSA-17-094-01Apr 4, 2017
Attack VectorNetwork
Auth RequiredHigh
ComplexityLow
User InteractionRequired
Summary
Schneider Electric Interactive Graphical SCADA System (IGSS) Software versions 12 and earlier contain an arbitrary code execution vulnerability (CWE-427: Untrusted Search Path). An authenticated attacker with high-level privileges could trigger code execution through user-interaction functionality. The vulnerability affects IGSS on Windows platforms used for SCADA monitoring and visualization in energy systems. The vulnerability has been fixed in IGSS version 13.
What this means
What could happen
An attacker with high-level access to IGSS could execute arbitrary code on the SCADA workstation, potentially gaining control over process data visualization and alarming—which could mask alarms or display false information to operators.
Who's at risk
Energy utilities using Schneider Electric IGSS Software for SCADA visualization and monitoring on Windows workstations. This includes utility operators, system administrators, and engineering staff who interact with IGSS to monitor and manage electrical generation, transmission, or distribution assets.
How it could be exploited
An attacker must first gain high-privilege credentials or interactive session access to an IGSS workstation (e.g., by compromising an engineering workstation or through social engineering). Once authenticated, the attacker can trigger code execution through a user-interaction component, running arbitrary code with the privileges of the IGSS process.
Prerequisites
- High-privilege credentials or existing access to an IGSS workstation
- User interaction (administrator or authorized operator action)
- IGSS version 12 or earlier
- Network connectivity to the workstation is assumed but authentication/interactive access is the stronger barrier
Remotely exploitableRequires high-level credentialsRequires user interactionAffects SCADA visualization and alarming
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
IGSS Software:≤ 1213
Remediation & Mitigation
0/3
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpgrade IGSS Software to version 13 or later
Long-term hardening
0/2HARDENINGImplement network segmentation to restrict direct administrative access to IGSS workstations; limit who can remotely connect with high-privilege accounts
HARDENINGApply the principle of least privilege: ensure engineering and operator accounts have only necessary permissions and do not grant unnecessary administrative access
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/e59a792d-74bf-4d9e-bcd6-e2f85bbdf314