Schneider Electric IGSS SCADA Software

Plan Patch7.8ICS-CERT ICSA-20-084-02Mar 24, 2020

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

IGSS (Interactive Graphical SCADA System) versions 14 and earlier contain path traversal (CWE-22) and missing authentication (CWE-306) vulnerabilities. Successful exploitation allows an attacker with local access to bypass authorization controls, read sensitive process data, and modify SCADA functions. The vulnerabilities reside in how IGSS handles file access and user authentication on the Windows platform.

What this means

What could happen

An attacker with local access to an IGSS engineering workstation could read sensitive process data, modify control system logic, or disrupt SCADA operations. This could impact water treatment, power distribution, or other critical infrastructure controlled through IGSS.

Who's at risk

Energy sector operators using Schneider Electric IGSS for SCADA monitoring and control of critical infrastructure such as water treatment, power generation, or distribution systems. Engineering workstations and operator stations running IGSS are the primary targets.

How it could be exploited

An attacker must first gain local access to the Windows machine running IGSS (via phishing, malware, or physical access). They then exploit path traversal or authentication bypass vulnerabilities to access IGSS data or functions without proper authorization. No network access required—the attack starts from the workstation itself.

Prerequisites

Local access to the Windows machine running IGSS
Low-privilege user account on the IGSS workstation
IGSS version 14 or earlier installed

Low complexity attackLocal access required (limits exposure but increases risk in shared engineering environments)High impact to confidentiality and integrityAffects safety-critical SCADA systemsPath traversal vulnerability (CWE-22)

Exploitability

Moderate exploit probability (EPSS 1.8%)

Affected products (1)

ProductAffected VersionsFix Status

IGSS (Interactive Graphical SCADA System):≤ 1414.0.0.20009

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDDisable the IGSS Update service when not actively installing updates

HARDENINGRestrict local Windows login and network access to IGSS workstations to trusted personnel only

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate to IGSS Version 14.0.0.20009 or later

HARDENINGPlace IGSS engineering workstations on an isolated network segment behind a firewall, restricting access from the business network

HARDENINGApply least-privilege principle to user accounts on IGSS workstations (disable interactive login where possible, use service accounts with minimal permissions)

CVEs (2)

CVE-2020-7478 CVE-2020-7479

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/98e7b90f-8a79-4472-8220-8f512643b73d