OTPulse

Schneider Electric Interactive Graphical SCADA System (IGSS)

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-20-324-04 | Nov 17, 2020
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Schneider Electric Interactive Graphical SCADA System (IGSS) Definition module (Def.exe) contains buffer overflow vulnerabilities (CWE-119, CWE-787, CWE-125) that allow remote code execution. The vulnerabilities exist in versions up to 14.0.0.20247. Exploitation requires local access and user interaction (opening a malicious CGF file).

What this means
What could happen
An attacker with local access could trick an operator into opening a malicious CGF file, allowing arbitrary code execution on the IGSS Definition workstation. This could compromise the SCADA system's ability to monitor and control industrial processes.
Who's at risk
Energy sector organizations using Schneider Electric IGSS for SCADA monitoring and control. This specifically affects engineering workstations and operator stations running the IGSS Definition module, which is used to configure and manage SCADA visualization and control logic for power generation, distribution, and industrial processes.
How it could be exploited
An attacker crafts a malicious CGF (configuration) file and tricks an operator or engineer into opening it in IGSS Definition. The buffer overflow in the CGF parser allows the attacker to execute arbitrary code with the privileges of the user running Def.exe. No network access required.
Prerequisites
  • Local or removable media access to the IGSS Definition workstation
  • User interaction required: victim must open a malicious CGF file
  • Victim must be running IGSS Definition version 14.0.0.20247 or earlier
  • Buffer overflow vulnerability
  • No authentication required
  • User interaction required (reduces immediate risk)
  • Low complexity exploitation
  • Affects SCADA engineering/monitoring station
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product | Affected Versions | Fix Status
IGSS Definition (Def.exe) | ≤ 14.0.0.20247 | 14.0.0.20248
Remediation & Mitigation
Do now
WORKAROUND: Implement file transfer controls to prevent importing CGF files from untrusted sources (email filtering, removable media restrictions)
HARDENING: Restrict CGF file opening to authorized personnel only; train operators not to open CGF files from unknown sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update IGSS Definition module to version 14.0.0.20248 or later
Long-term hardening
HOTFIX: Consider upgrading to IGSS v15 for full resolution of this and related issues
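
An inventory check for the fixed build named above, as an added example that is not part of the advisory or of Schneider Electric's tooling. It assumes the Def.exe file version resource carries the IGSS build number; the default search roots are placeholders for wherever IGSS is installed.

```powershell
# Added example: flag Def.exe copies older than the fixed build in this advisory.
# Assumption: the Def.exe version resource matches the IGSS build number.
param(
    # Hypothetical defaults; point these at the actual IGSS install folder(s).
    [string[]]$SearchRoot = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}")
)

$FixedVersion = [version]'14.0.0.20248'   # first fixed build per the advisory

function Get-DefExeStatus {
    param([Parameter(Mandatory)][string[]]$Root)

    # Skip roots that are empty or absent (e.g. no x86 folder on 32-bit hosts).
    foreach ($r in $Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) }) {
        Get-ChildItem -LiteralPath $r -Filter 'Def.exe' -File -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $vi = $_.VersionInfo
                # Build the version from the numeric parts: the FileVersion string
                # can contain commas or trailing text that [version] cannot parse,
                # and a string comparison would mis-order multi-digit fields.
                $found = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                        $vi.FileBuildPart, $vi.FilePrivatePart)
                [pscustomobject]@{
                    Computer   = $env:COMPUTERNAME
                    Path       = $_.FullName
                    Version    = $found
                    # A file with no version resource reads as 0.0.0.0 and is
                    # flagged, so it gets a manual look rather than a silent pass.
                    Vulnerable = ($found -lt $FixedVersion)
                }
            }
    }
}

Get-DefExeStatus -Root $SearchRoot |
    Sort-Object Vulnerable -Descending |
    Format-Table -AutoSize
```

Any file named Def.exe under the search roots is reported, so confirm that flagged paths belong to IGSS before scheduling the update.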