Schneider Electric Zelio Soft 2
Status: Plan patch
CVSS: 7.8
Source: ICS-CERT ICSA-19-190-03
Published: Jul 9, 2019
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Zelio Soft 2 versions 5.2 and earlier contain a use-after-free vulnerability in the project file parser. Exploitation requires a user to open a specially crafted project file; once the file is opened, the attacker can execute arbitrary code with the privileges of the user running Zelio Soft 2. The vulnerability affects the engineering workstation only; it does not directly compromise the logic controller, but an attacker who controls the workstation can use it to reprogram any controller the workstation manages.
What this means
What could happen
An attacker who can deliver a specially crafted project file to an engineer (for example by email or a shared drive) and persuade them to open it could execute arbitrary code on the engineering workstation, gaining control of the Zelio programming environment and, through it, the logic controllers it manages.
Who's at risk
Energy sector operators using Zelio Soft 2 (version 5.2 or earlier) on engineering workstations. This affects anyone who programs or maintains Schneider Electric Zelio logic controllers, including municipal utilities, industrial facilities, and control system integrators.
How it could be exploited
An attacker crafts a malicious Zelio Soft 2 project file and social-engineers an engineer into opening it. When the file is parsed, it triggers a use-after-free memory bug (CWE-416) in the software, allowing the attacker to run arbitrary code on the engineer's workstation with the same privileges as the user.
Prerequisites
- Zelio Soft 2 software installed on the target workstation (version 5.2 or earlier)
- An engineer must be tricked into opening a malicious project file
- No credentials or network access to the workstation are required; the attack vector is local, so the crafted file must be delivered to and opened on the workstation
Key facts:
- No authentication is required to trigger the vulnerability
- Low attack complexity (a crafted file sent to an engineer)
- Use-after-free memory bug (CWE-416)
- Versions 5.2 and earlier are not patched in place; the fix is an upgrade to version 5.3
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product: Zelio Soft 2
Affected versions: 5.2 and earlier
Fix status: fixed in 5.3
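Before scheduling the upgrade, you need to know which engineering workstations still run an affected build. The PowerShell snippet below is an added example, not code from the advisory or from Schneider Electric: it enumerates the Windows uninstall registry entries, picks out installs whose display name matches Zelio Soft 2, and flags any version below 5.3 as affected. The display-name substring and the assumption that the product registers a dotted `DisplayVersion` are assumptions; adjust the pattern to match what your installer actually writes.

```powershell
# Added example (not from the advisory or the vendor): inventory check for affected
# Zelio Soft 2 installs on a Windows engineering workstation.
# Assumptions: the product registers an uninstall entry whose DisplayName contains
# "Zelio Soft 2" and whose DisplayVersion is a dotted version string such as "5.2".

$FixedVersion = [version]'5.3'        # first fixed release per the advisory
$NamePattern  = 'Zelio Soft 2'        # assumed DisplayName substring

# Both native and 32-bit-on-64-bit uninstall hives, since the software may register in either
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-ZelioSoftInstalls {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "*$NamePattern*" -and $_.DisplayVersion } |
        ForEach-Object {
            # Parse "5.2" / "5.2.1.0" into a comparable [version]; skip entries that do not parse
            $parsed = $null
            if ([version]::TryParse($_.DisplayVersion, [ref]$parsed)) {
                # Anything below 5.3 (i.e. 5.2.x and earlier) is in the affected range
                $affected = $parsed -lt $FixedVersion
                [pscustomobject]@{
                    Computer   = $env:COMPUTERNAME
                    Product    = $_.DisplayName
                    Version    = $parsed
                    Vulnerable = $affected
                    Action     = if ($affected) { 'Update to 5.3 or later' } else { 'OK' }
                }
            }
        }
}

$results = Get-ZelioSoftInstalls
if (-not $results) {
    Write-Output "No Zelio Soft 2 installation registered on $env:COMPUTERNAME"
} else {
    $results | Format-Table -AutoSize
    # Non-zero exit code lets a scheduled job or config-management run treat an affected install as a finding
    if ($results.Vulnerable -contains $true) { exit 1 }
}
```

Run it across the fleet with `Invoke-Command -ComputerName <workstation list> -FilePath .\Check-ZelioSoft.ps1` and collect the objects centrally; the exit code is only meaningful when the script runs locally.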
Remediation & Mitigation
Do now
Workaround: Restrict file-opening privileges on engineering workstations; configure file associations or file type handling to warn before opening project files from untrusted sources.
Workaround: Implement email security controls (antivirus scanning, sandboxing) to block potentially malicious project files sent from outside the organisation.
Schedule (requires maintenance window)
Updating Zelio Soft 2 may require rebooting the engineering workstation; plan for any interruption to programming or maintenance work on the controllers it manages.
Hotfix: Update Zelio Soft 2 to version 5.3 or later.
Long-term hardening
Hardening: Isolate engineering workstations (Zelio Soft 2 machines) from the business network using network segmentation or air-gapping where possible.
Hardening: Train engineers on the risk of opening project files from untrusted sources and establish a secure file-sharing procedure for project exchange.
CVEs (1)