OTPulse
FeedAboutContact

mySCADA myDESIGNER

Plan Patch7.3ICS-CERT ICSA-21-313-04Nov 9, 2021
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

myDESIGNER versions 8.20.0 and earlier contain a path traversal vulnerability (CWE-23) that allows local code execution. An attacker with local access to an affected workstation can exploit this through user interaction with a malicious file. Successful exploitation allows an attacker to run arbitrary code with user privileges on the engineering workstation, potentially compromising SCADA system designs and configurations.

What this means
What could happen
An attacker with local access and user interaction could execute arbitrary code on the myDESIGNER workstation, potentially compromising SCADA design files and configurations used to program control systems.
Who's at risk
Energy sector operators who use mySCADA myDESIGNER for SCADA engineering and system design should prioritize this. This affects engineering workstations used to design and configure industrial control systems for power generation and distribution facilities.
How it could be exploited
An attacker must trick a user into opening a malicious file or following a crafted link while they are logged into myDESIGNER on a workstation with local access. Once the user interacts with the malicious content, the attacker can run commands with the privileges of the logged-in user.
Prerequisites
  • Local or physical access to the workstation
  • Ability to deliver a malicious file or link to a user (email, USB, etc.)
  • User interaction required (clicking link or opening attachment)
  • myDESIGNER version 8.20.0 or earlier installed
Local access requiredUser interaction requiredAffects SCADA engineering environmentDefault file handling may enable exploitation
Exploitability
Moderate exploit probability (EPSS 2.3%)
Affected products (1)
ProductAffected VersionsFix Status
myDESIGNER:≤ 8.20.08.22.0
Remediation & Mitigation
0/4
Do now
0/1
WORKAROUNDDo not click links or open attachments from unsolicited emails; verify sender identity before interacting with email content
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate myDESIGNER to version 8.22.0 or later
Long-term hardening
0/2
HARDENINGIsolate SCADA engineering workstations from the business network using firewalls and network segmentation
HARDENINGRestrict physical and network access to myDESIGNER workstations to authorized personnel only
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/8e6540be-b52a-431d-9935-54b612f4f94c