Schneider Electric IGSS SCADA Software

Plan Patch7.8ICS-CERT ICSA-21-070-01Mar 11, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Schneider Electric IGSS Definition (Def.exe) versions 15.0.0.21041 and earlier contain a buffer overflow vulnerability (CWE-119) in the handling of CGF (configuration) files. Successful exploitation could result in remote code execution on the IGSS workstation. The vulnerability requires user interaction—an operator must import a malicious CGF file. No public exploits are currently known, and the vulnerability is not remotely exploitable from across the network.

What this means

What could happen

An attacker who tricks an operator into importing a malicious CGF (configuration) file could run arbitrary code on the IGSS Definition workstation, potentially allowing them to modify SCADA logic, alter process parameters, or disrupt control system operations.

Who's at risk

Energy sector operators using Schneider Electric IGSS SCADA software for process control and monitoring. This affects engineering and configuration workstations where IGSS Definition is used to create or modify control system logic and parameters.

How it could be exploited

An attacker creates a malicious CGF file and delivers it via email or a file-sharing link to an engineering workstation operator. When the operator imports the CGF file into IGSS Definition (Def.exe), the buffer overflow vulnerability is triggered, executing the attacker's code with the privileges of the IGSS application.

Prerequisites

Local or physical access to an IGSS Definition workstation
User interaction required: operator must import a malicious CGF file
IGSS Definition version 15.0.0.21041 or earlier must be running
No special credentials needed beyond normal IGSS user access

buffer overflow vulnerability (CWE-119)user interaction required (social engineering via malicious file)local/workstation access requiredno public exploits knownaffects SCADA engineering tools

Exploitability

Low exploit probability (EPSS 0.7%)

Affected products (1)

ProductAffected VersionsFix Status

IGSS Definition (Def.exe):≤ 15.0.0.2104115.0.0.21042 or later

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDDo not import CGF files from untrusted or unexpected sources; verify the origin of any configuration files before importing

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate IGSS Definition (Def.exe) to version 15.0.0.21042 or later via IGSS Master > Update IGSS Software or from Schneider Electric support portal

Long-term hardening

0/1

HARDENINGRestrict access to engineering workstations and limit which users can import CGF files through role-based access controls

CVEs (4)

CVE-2021-22709 CVE-2021-22710 CVE-2021-22711 CVE-2021-22712

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/abfe0e16-d18f-4657-82ed-c7da2cd86fde