OTPulse
FeedAboutContact

Schneider Electric IGSS SCADA Software

Plan Patch7ICS-CERT ICSA-18-044-02Feb 13, 2018
Attack VectorLocal
Auth RequiredLow
ComplexityHigh
User InteractionNone needed
Summary

A buffer overflow vulnerability (CWE-119) in Schneider Electric IGSS SCADA Software versions 12 and earlier allows a locally authenticated user to execute arbitrary code with elevated privileges on the SCADA server. The vulnerability is triggered through a memory safety flaw and requires local system access and valid user credentials. Successful exploitation could allow an authorized insider or an attacker with physical access to compromise process control logic.

What this means
What could happen
An authenticated local user could execute arbitrary code on the IGSS SCADA server, potentially allowing them to alter process logic, modify alarm thresholds, or disable safety interlocks in energy generation and distribution systems.
Who's at risk
Energy sector organizations using Schneider Electric IGSS SCADA software for supervisory control, including electric utilities, generation facilities, and distribution operators. IGSS is commonly used to monitor and control generation assets, substation equipment, and distribution networks. Any site running IGSS V12 or earlier should prioritize upgrading before this vulnerability can be exploited by insider threats or after physical compromise.
How it could be exploited
An attacker with local access and valid user credentials on a machine running IGSS SCADA could exploit a memory safety vulnerability to execute arbitrary code. This requires direct access to the SCADA engineering workstation or server console, not remote network access.
Prerequisites
  • Local access to the IGSS SCADA server or engineering workstation
  • Valid user account credentials on the affected system
  • Moderate technical skill required to develop and deliver the exploit payload
Local access requiredValid credentials neededAffects SCADA supervisory controlMemory safety vulnerability
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
IGSS SCADA Software: V12 and all previous versions≤ 1213 using the following link
Remediation & Mitigation
0/3
Do now
0/1
HARDENINGRestrict local login access to the IGSS SCADA server to trusted engineering and operations personnel only
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade IGSS SCADA to version 13 or later
Long-term hardening
0/1
HARDENINGImplement physical security controls to limit unattended access to IGSS SCADA workstations and servers
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/adab9dab-3084-45d8-add7-8bfe28920ca0