OTPulse

Schneider Electric IGSS

Act Now | CVSS 9.8 | ICS-CERT ICSA-22-046-01 | Feb 15, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Schneider Electric IGSS Data Server versions 15.0.0.22020 and prior contain multiple critical vulnerabilities (CWE-190 integer overflow, CWE-22 path traversal, CWE-120/CWE-125 buffer overflows, CWE-665 improper initialization, CWE-862 missing authorization). These flaws allow an attacker to disclose sensitive data and take control of the SCADA system running in production mode. No patch is currently available from Schneider Electric.

What this means
What could happen
An attacker could gain remote access to your IGSS Data Server, read sensitive data from your SCADA system, and take control of process operations—potentially stopping or altering energy generation or manufacturing equipment without your knowledge.
Who's at risk
Energy utilities and manufacturing facilities using Schneider Electric IGSS (Integrated Graphical SCADA System) for real-time monitoring and control of power generation, distribution, or industrial processes. This includes any organization where IGSS Data Server version 15.0.0.22020 or earlier is deployed in production.
How it could be exploited
An attacker on your network (or the Internet, if the server is exposed) sends a specially crafted request to the IGSS Data Server on its listening port. The request exploits one or more buffer overflow or path traversal flaws in the server code (CWE-120, CWE-22, CWE-125, CWE-190). The server processes the malicious input without proper bounds checking and the attacker gains code execution, allowing them to read files, modify SCADA logic, or disrupt operations.
Prerequisites
  • Network connectivity to IGSS Data Server port (typically 20256 for IGSSdataServer.exe)
  • No authentication required—the vulnerabilities are in unauthenticated interfaces
  • IGSS running in production mode with real-time process control active
remotely exploitable · no authentication required · low complexity · no patch available · affects safety/control systems · high CVSS (9.8) · affects critical energy sector
Exploitability
Moderate exploit probability (EPSS 7.8%)
Affected products (1)
Product | Affected Versions | Fix Status
IGSS Data Server (IGSSdataServer.exe): v15.0.0.22020 and prior | ≤ 15.0.0.22020 | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Isolate IGSS Data Server on a dedicated control network segment; restrict inbound network access to only authorized engineering workstations and HMI clients using firewall rules
  • HARDENING: Implement network access controls to block direct Internet access to IGSS ports; use a jump host or VPN for remote administration
  • HARDENING: Monitor network traffic to and from IGSS Data Server for signs of exploitation (e.g., unusual HTTP requests or binary payloads to port 20256)
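
The three "Do now" items above reduce to one check on flow data: only allowlisted hosts should ever reach the Data Server port. The following is an added example, not part of the advisory or of any Schneider Electric tooling, that applies that check to constructed flow records; the CSV layout, subnets and addresses are assumptions, and only port 20256 comes from the advisory.

```python
import csv
import io
import ipaddress

IGSS_PORT = 20256  # Data Server port given in the advisory

# Assumed for illustration: plant address space and the allowlisted
# engineering workstation / HMI client sources (constructed values).
SITE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("10.20.1.0/28", "10.20.2.10/32")]

# Constructed flow records: time, source, destination, destination port, bytes.
SAMPLE_FLOWS = """\
2022-02-15T08:00:01Z,10.20.1.5,10.20.0.10,20256,412
2022-02-15T08:00:07Z,10.20.2.10,10.20.0.10,20256,388
2022-02-15T08:01:12Z,10.30.4.77,10.20.0.10,20256,9120
2022-02-15T08:02:30Z,203.0.113.45,10.20.0.10,20256,15004
2022-02-15T08:03:00Z,10.30.4.77,10.20.0.10,443,230
"""


def classify(src):
    """Return None for an allowlisted source, otherwise the finding type."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in ALLOWED_SOURCES):
        return None
    # Inside the plant but not allowlisted: a segmentation / firewall rule gap.
    if any(addr in net for net in SITE_NETWORKS):
        return "unauthorized-internal"
    # Outside the plant address space: the port is reachable from beyond the site.
    return "external-exposure"


def find_violations(flow_text, port=IGSS_PORT):
    """Return (time, source, finding) for flows to the port from non-allowlisted hosts."""
    findings = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 5 or int(row[3]) != port:
            continue  # malformed record or traffic to another port
        finding = classify(row[1])
        if finding:
            findings.append((row[0], row[1], finding))
    return findings


if __name__ == "__main__":
    for ts, src, finding in find_violations(SAMPLE_FLOWS):
        print(f"{ts} {src} -> :{IGSS_PORT} {finding}")
```
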
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Contact Schneider Electric directly to inquire about availability of patches or workaround guidance; evaluate migration timeline to a patched IGSS version if available