AVEVA Wonderware System Platform
Plan Patch | 8.8 | ICS-CERT ICSA-19-029-03 | Jan 29, 2019
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
AVEVA Wonderware System Platform 2017 Update 2 and prior stores credentials for the ArchestrA Network User Account in a manner that allows unauthorized access by local users. The vulnerability requires local access and valid user credentials to exploit. CWE-522 (Insufficiently Protected Credentials).
What this means
What could happen
An attacker with local access to the Wonderware System Platform server could extract the ArchestrA Network User Account credentials, potentially allowing unauthorized access to the entire supervisory control system and the ability to modify setpoints, stop operations, or alter process data.
Who's at risk
Water authorities and electric utilities running AVEVA Wonderware System Platform 2017 Update 2 or earlier for SCADA/HMI operations should prioritize this vulnerability. The System Platform is the central supervisory control system managing process data and operator commands across the entire facility.
How it could be exploited
An attacker with local access to the System Platform 2017 machine and valid user credentials could extract plaintext or weakly protected ArchestrA Network User Account credentials from the system. These credentials could then be reused to authenticate to other systems on the control network with elevated privileges.
Prerequisites
- Local access to the Wonderware System Platform server
- Valid user account credentials on the server
- System Platform version 2017 Update 2 or prior
- Local access required for exploitation
- Valid user credentials required
- No public exploits available
- End-of-life product version (2017)
- Affects credentials used across control systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Wonderware System Platform 2017: Update 2 and prior | ≤ 2 | Update 3
Remediation & Mitigation
Do now
HARDENING: Restrict local access to the System Platform server through physical and logical controls; limit user accounts with local access rights
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade Wonderware System Platform 2017 to Update 3 or later
Long-term hardening
HARDENING: Isolate the System Platform server on a dedicated control network segment behind firewalls, not accessible from the business network or Internet
HARDENING: For any required remote access, use a VPN with current security updates and strong authentication
CVEs (1)