OTPulse

SIMPlight SCADA Software

Status: Monitor
CVSS: 7
Source: ICS-CERT ICSA-17-222-01
Published: Aug 10, 2017
Attack Vector: Local
Auth Required: None
Complexity: High
User Interaction: Required
Summary

A vulnerability in SIMPlight SCADA Software (version 4.3.0.27 and earlier) allows local code execution via a file interaction vector. The vulnerability has a CVSS score of 7.0 (high severity) with low skill level required for exploitation. The vendor has not engaged with CISA to develop or release a fix.

What this means
What could happen
An attacker with local access to a machine running SIMPlight SCADA software could execute arbitrary code with high privileges, potentially altering critical energy generation or distribution setpoints, triggering alarms, or halting SCADA operations.
Who's at risk
Energy sector operators using SIMPlight SCADA software for generator control, substation automation, or distribution management. Affects engineering workstations, operator consoles, and any systems running the vulnerable SCADA application version 4.3.0.27 or earlier.
How it could be exploited
The vulnerability is triggered by user interaction with a local file or interface on a machine where SIMPlight is installed. An attacker would need to trick an operator or engineer into opening a malicious file or performing an action on the affected system; once executed, the attacker gains code execution in the SCADA process context.
Prerequisites
  • Local access to a machine running SIMPlight SCADA Software version 4.3.0.27 or earlier
  • User interaction required (operator or engineer must open or execute a file/action)
  • Affected workstation must be running the vulnerable version
Tags: Low exploitation complexity · Requires user interaction · No vendor patch available · Affects SCADA control systems · Local access required
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
SCADA Software | ≤ 4.3.0.27 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict local access to machines running SIMPlight to authorized personnel only; use physical access controls and strong workstation authentication
HARDENING: Train operators and engineers on social engineering and malicious file risks; establish strict policies for opening files from untrusted sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade SIMPlight SCADA Software to a version newer than 4.3.0.27 if a vendor release becomes available; monitor vendor channels for security updates
HARDENING: Implement endpoint protection and file integrity monitoring on all machines running SIMPlight to detect suspicious code execution
Mitigations - no patch available
SCADA Software has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate SIMPlight workstations from general corporate networks if possible; restrict inbound access and monitor for lateral movement