MDT AutoSave

Plan PatchCVSS 10ICS-CERT ICSA-21-189-02Jul 8, 2021

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in MDT AutoSave and AutoSave for System Platform (A4SP) allow unauthenticated remote code execution on the Remote MDT Server. The vulnerabilities stem from weak input validation, SQL injection, and improper file handling (CWE-326, CWE-89, CWE-23, CWE-77, CWE-427, CWE-209, CWE-434). An attacker with knowledge of the product's database structure could exploit these flaws to execute arbitrary commands without valid credentials, potentially compromising data integrity and system availability.

What this means

What could happen

An attacker with detailed knowledge of MDT AutoSave's database structure could execute arbitrary code remotely on the Remote MDT Server without needing valid credentials, potentially taking control of the data collection and alarm management system that monitors your facility.

Who's at risk

Water utilities and electric utilities using MDT AutoSave or AutoSave for System Platform (A4SP) for remote data collection, alarm management, and monitoring are affected. This impacts any facility relying on these systems for real-time supervisory data and historical trending.

How it could be exploited

An attacker sends a specially crafted request over the network to the Remote MDT Server, exploiting weak input validation and SQL injection vulnerabilities. If the attacker understands the database schema, they can inject malicious commands that lead to arbitrary code execution on the server, allowing them to modify or delete critical process data or plant alarm configurations.

Prerequisites

Network access to the Remote MDT Server (default or non-standard port)
Detailed knowledge of MDT AutoSave database structure and architecture
No valid user credentials or authentication required

Remotely exploitableNo authentication requiredLow complexity exploitation with detailed product knowledgeNo patch available for some product versionsHigh CVSS score (10.0)Affects data collection and alarm systems critical to operations

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (4)

4 pending

ProductAffected VersionsFix Status

AutoSave for System Platform (A4SP):< 4.01No fix yet

A4SP:5No fix yet

MDT AutoSave: v7.00-7.04≥ 7.00 | ≤ 7.04No fix yet

MDT AutoSave:< 6.02.06No fix yet

Remediation & Mitigation

0/7

Do now

0/1

WORKAROUNDBlock network access to Remote MDT Server from the Internet and untrusted networks using firewall rules

Schedule — requires maintenance window

0/4

Patching may require device reboot — plan for process interruption

AutoSave for System Platform (A4SP):

HOTFIXUpgrade AutoSave for System Platform (A4SP) 4.x to version 4.01 or later

HOTFIXUpgrade AutoSave for System Platform (A4SP) 5.x to version 5.01 or later

All products

HOTFIXUpgrade MDT AutoSave 6.x to version 6.02.06 or later

HOTFIXUpgrade MDT AutoSave 7.x to version 7.05 or later

Long-term hardening

0/2

HARDENINGPlace the Remote MDT Server behind a firewall and isolate it from the business network

HARDENINGIf remote access to MDT AutoSave is required, use a VPN with current security updates

CVEs (7)

CVE-2021-32945 CVE-2021-32953 CVE-2021-32949 CVE-2021-32933 CVE-2021-32957 CVE-2021-32937 CVE-2021-32961

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/99b873e2-6086-4d38-a5b0-02888acd0686

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.