Schneider Electric IGSS
Priority: Act Now
CVSS: 9.8
Advisory: ICS-CERT ICSA-21-285-03
Published: Oct 12, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Schneider Electric IGSS Data Collector (dc.exe) versions 15.0.0.21243 and prior contain multiple vulnerabilities including buffer overflow (CWE-120), arbitrary file upload (CWE-434), path traversal (CWE-22), and missing authentication checks (CWE-306). Successful exploitation allows remote code execution, unauthorized file read/deletion, and arbitrary file creation on the Data Collector system.
What this means
What could happen
An attacker could execute arbitrary code on the IGSS Data Collector, allowing them to alter or stop data collection and monitoring processes, read/delete configuration files and historian data, or manipulate the data being reported to supervisory systems.
Who's at risk
This affects Schneider Electric IGSS (Integrated Gateway System Software) deployments used in energy utilities and other process monitoring environments. It is a critical concern for organizations relying on IGSS Data Collector (dc.exe) for real-time data collection and historian functions in energy management and SCADA systems.
How it could be exploited
An attacker with network access to the IGSS Data Collector (typically on port 12401 or as configured) can send a specially crafted request that exploits buffer overflow, path traversal, or file upload vulnerabilities. No authentication is required. Once exploited, the attacker gains code execution on the Data Collector process running under the system account.
Prerequisites
- Network access to IGSS Data Collector (dc.exe) service port
- IGSS version 15.0.0.21243 or earlier
- No authentication required
- MatchWinName registry setting not enabled (default condition)
- Remotely exploitable
- No authentication required
- Low complexity attack
- Critical CVSS 9.8
- Affects monitoring and data integrity
- Multiple vulnerability types (buffer overflow, file traversal, file upload)
Exploitability
Moderate exploit probability (EPSS 2.5%)
Affected products (1)
Product: IGSS Data Collector (dc.exe): v15.0.0.21243 and prior
Affected Versions: ≤ 15.0.0.21243
Fix Status: 15.0.0.21244
Remediation & Mitigation
Do now
- WORKAROUND: Enable registry key MatchWinName=1 under HKEY_CURRENT_USER\SOFTWARE\SchneiderElectric\IGSS32\V15.00.00\DC_HKLM\ to restrict connections to authorized workstations only
- HARDENING: Place IGSS Data Collector behind firewall with strict inbound rules; block unsolicited connections from the Internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update IGSS DC module to version 15.0.0.21244 via IGSS Master > Update IGSS Software
Long-term hardening
- HARDENING: Isolate IGSS Data Collector on a private control network separate from business network
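
An added example, not part of the advisory and not Schneider Electric tooling: a PowerShell check an operator could run on a Data Collector host to see which of the prerequisites and remediation items above still apply. The dc.exe path is a required parameter because the advisory does not give the install location; reading the version from the file's version resource and treating MatchWinName as enabled when it reads 1 are assumptions.

```powershell
# Added example: audit one host against the items in this advisory.
# Assumptions (not stated in the advisory): dc.exe carries its module version
# in the file version resource, and MatchWinName is enabled when it reads 1.
param(
    [Parameter(Mandatory)][string]$DcPath,  # full path to dc.exe, supplied by the operator
    [int]$Port = 12401                      # advisory: "typically on port 12401 or as configured"
)

$fixed   = [version]'15.0.0.21244'          # fixed version named in the advisory
$regPath = 'HKCU:\SOFTWARE\SchneiderElectric\IGSS32\V15.00.00\DC_HKLM'

# 1. Installed version of the Data Collector binary, compared numerically.
$vi = (Get-Item -LiteralPath $DcPath -ErrorAction Stop).VersionInfo
$installed = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                            $vi.FileBuildPart, $vi.FilePrivatePart)
$patched = $installed -ge $fixed

# 2. Workaround setting. HKEY_CURRENT_USER is per-user, so run this under the
#    account the Data Collector uses. String comparison covers DWORD or text values.
$value = (Get-ItemProperty -LiteralPath $regPath -Name MatchWinName `
          -ErrorAction SilentlyContinue).MatchWinName
$matchOn = "$value" -eq '1'

# 3. Is the service port listening on every interface rather than one address?
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
$allIfaces = @($listeners | Where-Object { $_.LocalAddress -in '0.0.0.0', '::' }).Count -gt 0

# 4. Peers connected right now, to compare against the authorized workstation list.
$peers = @(Get-NetTCPConnection -State Established -LocalPort $Port -ErrorAction SilentlyContinue |
           Select-Object -ExpandProperty RemoteAddress -Unique)

[pscustomobject]@{
    Host                     = $env:COMPUTERNAME
    DcVersion                = $installed
    Patched                  = $patched
    MatchWinNameEnabled      = $matchOn
    ListeningOnAllInterfaces = $allIfaces
    ConnectedPeers           = $peers -join ', '
    # Both advisory prerequisites hold: vulnerable version and workaround not set.
    UnmitigatedPerAdvisory   = (-not $patched) -and (-not $matchOn)
}
```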