OTPulse

Scada-LTS Third Party Component

Monitor · 6.5 · ICS-CERT ICSA-23-115-02 · Apr 28, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Scada-LTS versions 2.7.4 and earlier contain a stored cross-site scripting (XSS) vulnerability (CWE-79) that allows remote attackers without authentication to inject malicious scripts. Successful exploitation could allow loss of sensitive information and execution of arbitrary code on the system.

What this means
What could happen
An attacker could steal sensitive information from Scada-LTS or execute arbitrary code on the system through a stored cross-site scripting (XSS) attack, potentially gaining control of SCADA operations and process monitoring.
Who's at risk
Energy utilities and operators running Scada-LTS version 2.7.4 or earlier should prioritize this. The vulnerability affects the supervisory control and data acquisition monitoring system used to oversee SCADA network operations.
How it could be exploited
An attacker sends a specially crafted request containing malicious JavaScript to a Scada-LTS user. If the user interacts with the request (clicks a link or visits a page), the script executes in their browser with their session privileges, allowing the attacker to steal session credentials or extract sensitive data from the SCADA system.
Prerequisites
  • Network access to Scada-LTS web interface
  • User interaction required (victim must click a link or visit attacker-controlled page)
  • No authentication bypass - runs with victim's existing session privileges
remotely exploitable · no authentication required · low complexity · affects SCADA monitoring and data visibility
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
: <= 2.7.4 | ≤ 2.7.4 | 2.7.4.1
Remediation & Mitigation
Do now
WORKAROUND: Restrict web access to Scada-LTS to authorized personnel only using firewall rules or access control lists
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Scada-LTS to version 2.7.4.1 or later
Long-term hardening
HARDENING: Place Scada-LTS on a network isolated from the Internet and business networks, accessible only from engineering workstations on the control system network
HARDENING: If remote access to Scada-LTS is required, enforce access through a VPN with current patches and multi-factor authentication