OTPulse

Schneider Electric Interactive Graphical SCADA System

Plan Patch | 7 | ICS-CERT ICSA-19-192-06 | Jul 11, 2019
Attack Vector: Local
Auth Required: None
Complexity: High
User Interaction: Required
Summary

Arbitrary code execution or denial of service vulnerability in Schneider Electric IGSS (Interactive Graphical SCADA System) affecting versions 14 and earlier. The vulnerability requires local access, user interaction (opening a malicious file), and moderate complexity to exploit. No publicly known exploits currently exist.

What this means
What could happen
An attacker with local access could execute arbitrary code on IGSS systems, potentially altering process data, stopping SCADA monitoring, or crashing the software. This could impact real-time visibility and control of critical infrastructure operations.
Who's at risk
Utilities and manufacturers using Schneider Electric IGSS for SCADA monitoring and control should assess this risk. IGSS is typically deployed on engineering workstations, HMI terminals, or supervisory computers in electric generation, transmission, and distribution operations. Energy sector operators relying on IGSS for real-time process visibility are affected.
How it could be exploited
An attacker must gain local access to a system running IGSS, then convince a user to open a malicious file (likely via social engineering or supply chain compromise). Once opened, the attacker gains code execution with the privileges of the IGSS application, potentially allowing modification of SCADA logic, process setpoints, or shutdown of monitoring.
Prerequisites
  • Local system access to a machine running IGSS
  • User must interact with a malicious file (click, open, execute)
  • Configuration database (mdb) must be accessible from the local system
  • local access only (not remotely exploitable)
  • requires user interaction (social engineering needed)
  • moderate complexity
  • no publicly known exploits
  • affects SCADA visualization and monitoring
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
IGSS | ≤ 14 | 13.0.0.19140 or 14.0.0.19120
Remediation & Mitigation
Do now
WORKAROUND: Restrict access to the IGSS configuration database (mdb file) to authorized personnel only. Prevent untrusted or guest accounts from reading or modifying the database.
HARDENING: Train users not to open unsolicited files or click unexpected links, particularly files that interact with SCADA systems. Treat email attachments from unknown senders as high-risk.
HARDENING: Scan all removable media (USB drives, external drives, CDs) with antimalware tools before connecting to any ICS-connected system.
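One way to check the database-access workaround above on a Windows host, as an added example that is not from Schneider Electric or the advisory: it lists every Allow entry on .mdb files that grants access to a principal outside an allow-list. The folder path, the group names and the function name Get-MdbAclFinding are assumptions to replace with site values.

```powershell
# Added example: audit NTFS permissions on IGSS configuration databases (.mdb).
# $ConfigRoot and $Allowed are placeholders (assumptions), not values from the advisory.
param(
    [string]$ConfigRoot = 'C:\PLACEHOLDER\IGSS-config',
    [string[]]$Allowed  = @('BUILTIN\Administrators',
                            'NT AUTHORITY\SYSTEM',
                            'PLACEHOLDER\IGSS-Engineers')
)

# Rights that let a principal change or replace the database, plus the
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr::Write -bor $fsr::Delete -bor
                   $fsr::ChangePermissions -bor $fsr::TakeOwnership) -bor
             0x40000000 -bor 0x10000000

function Get-MdbAclFinding {
    param([string]$Root, [string[]]$AllowedPrincipals)

    Get-ChildItem -Path $Root -Filter '*.mdb' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            $acl  = Get-Acl -LiteralPath $file
            foreach ($ace in $acl.Access) {
                # Deny entries only tighten access; skip them.
                if ($ace.AccessControlType -ne 'Allow') { continue }
                $who = $ace.IdentityReference.Value
                if ($AllowedPrincipals -contains $who) { continue }
                # Any remaining Allow entry is read or write access
                # for a principal that is not on the allow-list.
                [pscustomobject]@{
                    File      = $file
                    Principal = $who
                    Rights    = $ace.FileSystemRights
                    CanWrite  = ((([int]$ace.FileSystemRights) -band $writeMask) -ne 0)
                    Inherited = $ace.IsInherited
                }
            }
        }
}

# Report findings; an empty result means only allow-listed principals have access.
Get-MdbAclFinding -Root $ConfigRoot -AllowedPrincipals $Allowed |
    Sort-Object File, Principal |
    Format-Table -AutoSize
```

Entries marked Inherited come from a parent folder, so they have to be corrected on that folder rather than on the file itself.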
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade IGSS to Version 13.0.0.19140 or Version 14.0.0.19120 or later (available from Schneider Electric download portal). A software restart is required but not a full system reboot.
Long-term hardening
HARDENING: Isolate IGSS systems and engineering workstations behind firewalls, on a separate network segment from business networks. Restrict lateral movement from office networks to ICS networks.
HARDENING: Store IGSS installation media and configuration files in locked, physically secured cabinets. Ensure engineering workstations are never connected to untrusted networks (Internet, guest WiFi, home networks) before connecting to ICS networks.