OTPulse

Measuresoft ScadaPro Server

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-22-235-05 | Aug 23, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

A buffer overflow vulnerability (CWE-787) in Measuresoft ScadaPro Server versions prior to 6.8.0.1 allows arbitrary code execution when a user opens a malicious project file. The vulnerability is local-only and not remotely exploitable. Successful exploitation could allow an attacker to execute commands with the privileges of the logged-in user, potentially compromising SCADA project files, process setpoints, or access to sensitive operational data.

What this means
What could happen
An attacker with local access to a computer running ScadaPro Server could execute arbitrary code with the privileges of the logged-in user, potentially altering SCADA project files, process configurations, or stealing sensitive industrial data.
Who's at risk
Energy sector operators running ScadaPro Server for SCADA monitoring and control. This primarily affects utility control engineers and shift operators who work with project files and may receive files via email or external sources.
How it could be exploited
An attacker would need to trick a user into opening a malicious project file (.xxx or similar) on a machine running ScadaPro Server. Upon opening the file in the application, the malicious content triggers a buffer overflow (CWE-787), allowing the attacker to execute arbitrary code with the user's privileges.
Prerequisites
  • Local access to the machine running ScadaPro Server
  • A user must be logged into the workstation
  • User must open a malicious project file provided by the attacker (social engineering)
  • ScadaPro Server version prior to 6.8.0.1 must be installed
Local attack vector only | Low complexity | No authentication required | Buffer overflow vulnerability | Social engineering required for exploitation
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
ScadaPro Server | < 6.8.0.1 | 6.8.0.1
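
To turn the affected range above into a patch list, the following added example (not part of the advisory or of any vendor tooling) triages an asset-inventory export against the fixed version 6.8.0.1 using numeric rather than string comparison. The CSV layout, host names and sample versions are constructed assumptions.

```python
import csv
import io

FIXED = (6, 8, 0, 1)  # first fixed ScadaPro Server release per the advisory

def parse_version(text, width=4):
    """Turn '6.8.0.1' into (6, 8, 0, 1).

    Short versions are zero-padded, so a truncated '6.8' is read as 6.8.0.0
    and lands on the conservative (affected) side of the fixed release.
    Returns None for anything that is not 1-4 dot-separated decimal fields.
    """
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= width:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (width - len(nums)))

def triage(inventory_csv):
    """Map each host to 'affected', 'fixed' or 'unknown'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["version"] or "")
        if version is None:
            status = "unknown"    # unreadable version: verify on the host
        elif version < FIXED:     # tuple compare is numeric, field by field
            status = "affected"
        else:
            status = "fixed"
        result[row["host"]] = status
    return result

# Constructed sample inventory (hypothetical hosts and column names).
# hist-04 is the case a plain string comparison gets wrong: "6.10" < "6.8".
SAMPLE = """host,version
eng-ws-01,6.7.0.4
eng-ws-02,6.8.0.1
hmi-03,6.8
hist-04,6.10.0.0
ops-05,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown need the installed version confirmed on the machine before they are treated as patched.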
Remediation & Mitigation
Do now
HARDENING: Establish a policy restricting project file imports to only those from trusted, verified sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update ScadaPro Server to version 6.8.0.1 or later
HARDENING: Implement email security controls (spam filters, attachment blocking) to reduce delivery of malicious project files
Long-term hardening
HARDENING: Conduct staff training on recognizing social engineering attempts and phishing emails that deliver malicious files
Measuresoft ScadaPro Server | CVSS 7.8 - OTPulse