ICSA-19-295-01_Schneider Electric ProClima

Act NowCVSS 9.8ICS-CERT ICSA-19-295-01Oct 22, 2019

Schneider ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A vulnerability in Schneider Electric ProClima (all versions prior to 8.0.0) allows remote code execution without authentication. The vulnerability was reported by multiple security researchers including Haojun Hou, Kushal Arvind Shah of Fortinet, Yongjun Liu of NSFOCUS, and Telus. The issue permits an attacker on the network to execute arbitrary commands on ProClima systems, potentially affecting building climate control and safety operations. No known public exploits exist at the time of this advisory, but the vulnerability has a CVSS score of 9.8 (critical) and an EPSS exploit probability of 12.5%.

What this means

What could happen

An attacker with network access to ProClima can execute arbitrary code with no authentication required, potentially allowing them to modify building climate control setpoints, disable HVAC systems, or degrade comfort and safety conditions in critical facilities.

Who's at risk

Building managers and facility operators at energy sector organizations, data centers, and critical infrastructure using Schneider Electric ProClima HVAC and climate control systems should be aware of this vulnerability. It affects all versions of ProClima prior to 8.0.0, including legacy deployments in utility facilities, hospitals, government buildings, and commercial real estate with remote climate management.

How it could be exploited

An attacker on the network segment where ProClima is deployed can send a specially crafted network request to the ProClima service. Because the vulnerability requires no authentication and has low attack complexity, the attacker does not need credentials or special knowledge of the target system configuration.

Prerequisites

Network access to ProClima device or the network segment it resides on
ProClima version prior to 8.0.0

remotely exploitableno authentication requiredlow complexityhigh EPSS score (12.5%)affects critical building systems

Exploitability

Likely to be exploited — EPSS score 12.5%

Affected products (1)

ProductAffected VersionsFix Status

ProClima: all< 8.0.08.0.0

Remediation & Mitigation

0/6

Do now

0/3

HARDENINGIsolate ProClima and building control networks from business network using firewalls

WORKAROUNDRestrict network access to ProClima to only authorized engineering and operational terminals; block internet-facing access

HARDENINGEnsure ProClima controllers are kept in locked cabinets and never left in Program mode

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade ProClima to version 8.0.0 or newer

Long-term hardening

0/2

HARDENINGImplement physical access controls to prevent unauthorized personnel from accessing ProClima systems and programming workstations

HARDENINGScan all removable media (USB drives, CDs) before connecting to ProClima networks

CVEs (3)

CVE-2019-6823 CVE-2019-6824 CVE-2019-6825

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/274f9597-d60c-4da1-a763-42493731b8c4

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.