Eaton ELCSoft

MonitorCVSS 6.3ICS-CERT ICSA-18-065-03Mar 6, 2018

Eaton

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Eaton ELCSoft versions 2.04.02 and earlier contain an input validation flaw (CWE-20) that allows remote exploitation with user interaction. An attacker can craft a malicious file that, when opened in ELCSoft, leads to information disclosure, integrity compromise, or availability impact. The attack requires no elevated privileges and is remotely exploitable over the network.

What this means

What could happen

An attacker could trick a user into opening a malicious file that exploits an input validation flaw in ELCSoft, potentially allowing them to read sensitive data, modify engineering configurations, or disrupt the software's operation.

Who's at risk

Eaton ELCSoft users and operators at utilities and industrial facilities that rely on ELCSoft for equipment control logic configuration and maintenance. This affects engineering workstations used to configure and manage Eaton electrical control systems.

How it could be exploited

An attacker crafts a malicious file and sends it to an ELCSoft user (e.g., via email or file sharing). When the user opens the file in ELCSoft, the application fails to properly validate the input, allowing the attacker to execute unintended actions within the software context.

Prerequisites

User interaction required (user must open a malicious file)
Network access to deliver the malicious file to the target user

remotely exploitableuser interaction required (click-based)input validation flawlow exploit complexity

Exploitability

Some exploitation risk — EPSS score 1.5%

Affected products (1)

ProductAffected VersionsFix Status

ELCSoft:≤ 2.04.022.04.03+

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGImplement email filtering and user awareness training to reduce the likelihood of users opening untrusted files

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate ELCSoft to the latest firmware version released by Eaton

Long-term hardening

0/1

HARDENINGRestrict file sharing capabilities and access to ELCSoft engineering workstations from external networks

CVEs (1)

CVE-2018-7511

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/62b2790d-0296-4ecf-9daa-f6beb5b56746

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.