Schneider Electric IGSS
Recommended action: Plan Patch
CVSS score: 8.8
Source: ICS-CERT ICSA-23-082-04
Published: Apr 3, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
IGSS Data Server (IGSSdataServer.exe), Dashboard (DashBoard.exe), and Custom Reports (RMS16.dll) in version 16.0.0.23040 and earlier contain multiple input validation and deserialization flaws (CWE-306, CWE-345, CWE-502, CWE-22, CWE-20). These vulnerabilities allow remote code execution without authentication and can result in denial-of-service conditions, modification of dashboard/report files, or loss of SCADA control. Version 16.0.0.23041 includes corrections and is available for download from IGSS Master Update IGSS Software or directly from Schneider Electric.
What this means
What could happen
An attacker could run arbitrary code on IGSS servers, taking control of SCADA operations, or cause denial-of-service attacks that disrupt dashboard access and report generation in production environments.
Who's at risk
Energy utilities and manufacturing plants using Schneider Electric IGSS (Integrated Graphical SCADA System) version 16.0.0.23040 or earlier should prioritize this update. This affects facilities running IGSS in production mode for SCADA monitoring and control, particularly those with remote dashboard or report access.
How it could be exploited
An attacker on the network sends a specially crafted request to the IGSS Data Server, Dashboard, or Custom Reports component. The request exploits insufficient input validation and insecure deserialization (CWE-502) to achieve remote code execution. No user credentials are required, but user interaction may be needed for some attack vectors.
Prerequisites
- Network access to IGSS Data Server port (typically 55000 or custom)
- IGSS version 16.0.0.23040 or earlier deployed
- IGSS services running (DashBoard.exe or IGSSdataServer.exe process active)
Tags:
- remotely exploitable
- no authentication required
- low complexity
- no patch available initially (end-of-life product)
- affects SCADA control systems
- high CVSS score (8.8)
Exploitability
Moderate exploit probability (EPSS 3.9%)
Affected products (3), all 3 with a fix available

Product                                                          | Affected Versions | Fix Status
IGSS Data Server (IGSSdataServer.exe): V16.0.0.23040 and prior  | ≤ 16.0.0.23040    | 16.0.0.23041
IGSS Dashboard (DashBoard.exe): V16.0.0.23040 and prior         | ≤ 16.0.0.23040    | 16.0.0.23041
Custom Reports (RMS16.dll): V16.0.0.23040 and prior             | ≤ 16.0.0.23040    | 16.0.0.23041
Remediation & Mitigation
Do now
- WORKAROUND: Enable automatic file backup in the IGSS System Configuration module (under Files) to protect dashboard and report files
- HARDENING: Restrict network access to the IGSS Data Server to engineering workstations and authorized control systems only
Schedule — requires maintenance window
Patching may require a device reboot — plan for process interruption
- HOTFIX: Update IGSS Data Server, Dashboard, and Custom Reports (RMS) to version 16.0.0.23041 or later
- HOTFIX: Test the update in a non-production environment before deploying to production SCADA systems
Long-term hardening
- HARDENING: Review and implement the Schneider Electric Security Guideline for IGSS to strengthen the security of the IGSS SCADA installation
CVEs (8)