OTPulse
FeedAboutContact

Schneider Electric Wonderware InduSoft Web Studio

Plan Patch7.3ICS-CERT ICSA-17-138-02May 18, 2017
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionRequired
Summary

Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions contain a local privilege escalation vulnerability (CWE-276 - improper privilege management). An attacker with local access and low-level user credentials can escalate privileges to a higher level with user interaction (UI required).

What this means
What could happen
An attacker with local access to an engineering workstation running InduSoft Web Studio could gain elevated privileges and modify control logic, project settings, or access sensitive process configurations used to manage industrial processes.
Who's at risk
Energy sector operators (utilities, generation facilities) and any industrial facility using Wonderware InduSoft Web Studio for HMI/SCADA visualization and engineering. This affects engineering workstations and operator consoles that manage process setpoints and equipment automation.
How it could be exploited
An attacker with local user account access to an InduSoft Web Studio workstation can exploit improper privilege management to escalate to a higher privilege level. The attack requires user interaction and succeeds due to low skill complexity, potentially allowing modification of HMI configurations or control logic tied to industrial equipment.
Prerequisites
  • Local user account on the workstation running InduSoft Web Studio
  • User interaction required (social engineering or physical presence)
  • Vulnerable version: v8.0 Patch 3 or earlier
Low attack complexityLocal access requiredPrivilege escalationEngineering workstations targetedLow skill level to exploit
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
Wonderware InduSoft Web Studio: v8.0 Patch 3 and prior versions≤ 8.0 Patch 3v8.0 Service Pack 1
Remediation & Mitigation
0/4
Do now
0/3
HARDENINGRestrict local user access on engineering workstations to trusted personnel only; use account lockdown policies and remove unnecessary local accounts
HARDENINGImplement physical security controls on engineering workstations to prevent unauthorized local access
WORKAROUNDEnable and configure Windows User Access Control (UAC) on InduSoft workstations to require elevation for privilege-requiring actions
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Wonderware InduSoft Web Studio to v8.0 Service Pack 1 or later
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/f5dfd827-cd06-4aec-bf05-34680911b3ce
Schneider Electric Wonderware InduSoft Web Studio | CVSS 7.3 - OTPulse