Schneider Electric IGSS
Plan: Patch · Score: 7.8 · ICS-CERT ICSA-23-220-01 · Aug 8, 2023
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Schneider Electric IGSS Dashboard contains insecure deserialization (CWE-502) and missing authentication (CWE-306) vulnerabilities that could allow arbitrary code execution or loss of control of the SCADA system. Affected versions: IGSS Dashboard (DashBoard.exe) version 16.0.0.23211 and earlier. Schneider Electric has released version 16.0.0.23131 to address these vulnerabilities.
What this means
What could happen
An attacker with local access to a system running IGSS Dashboard could execute arbitrary code and potentially take control of your SCADA system, including altering process setpoints, halting operations, or causing unsafe plant states.
Who's at risk
Energy sector organizations operating Schneider Electric IGSS SCADA systems for power generation, transmission, or distribution are affected. This includes any facility using IGSS Dashboard for monitoring and controlling industrial processes, particularly utilities and large industrial sites managing critical infrastructure.
How it could be exploited
An attacker must have local access to a machine running the vulnerable IGSS Dashboard application. By exploiting the deserialization flaw, the attacker can load and execute malicious code with the privileges of the Dashboard process, potentially gaining full control over SCADA operations managed by that Dashboard instance.
Prerequisites
- Local access to a system running IGSS Dashboard version 16.0.0.23211 or earlier
- User interaction to open or process a malicious serialized object or file
Tags: affects control system (SCADA) · local exploitation required (assumes attacker already has system access) · low attack complexity · requires user interaction
Exploitability
Moderate exploit probability (EPSS 3.1%)
Affected products (1)
Product: IGSS Dashboard (DashBoard.exe)
Affected Versions: ≤ 16.0.0.23211
Fix Status: fixed in 16.0.0.23131
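A small inventory triage check, added here as an example and not part of the advisory or of Schneider Electric's tooling: it applies the version bounds above to a constructed host list. The hostnames and versions are sample data; note that the fixed build number (16.0.0.23131) is numerically lower than the affected upper bound (16.0.0.23211), so the check matches the fixed build explicitly instead of relying on a plain numeric comparison.

```python
# Added example: triage an asset inventory against the advisory's version bounds.
# Product name, affected bound and fixed build come from the advisory;
# the inventory below is constructed sample data, not real hosts.
from typing import Dict, List, Tuple

AFFECTED_MAX = "16.0.0.23211"   # "version 16.0.0.23211 and earlier" is affected
FIXED_VERSION = "16.0.0.23131"  # build released by Schneider Electric as the fix


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '16.0.0.23211' into (16, 0, 0, 23211) for numeric comparison."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected IGSS version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """Apply the advisory's bounds to one DashBoard.exe file version.

    Caveat: the fixed build (16.0.0.23131) sorts below the affected upper
    bound (16.0.0.23211), so a bare "<= AFFECTED_MAX" test would flag the
    fixed build as vulnerable. Match the fixed build first, then range-check.
    """
    v = parse_version(version)
    if v == parse_version(FIXED_VERSION):
        return False
    return v <= parse_version(AFFECTED_MAX)


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return hostnames whose DashBoard.exe version falls in the affected range."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory: hostname -> DashBoard.exe file version.
SAMPLE_INVENTORY = {
    "hmi-substation-01": "16.0.0.23211",   # last affected build
    "hmi-substation-02": "16.0.0.23131",   # fixed build
    "eng-workstation-03": "15.0.0.22100",  # older release, covered by "and earlier"
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: DashBoard.exe {SAMPLE_INVENTORY[host]} is affected; schedule the hotfix")
```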
Remediation & Mitigation
Do now
HARDENING: Disable 'Program' mode on all IGSS controllers when not actively programming
HARDENING: Never connect IGSS programming software or workstations to networks other than the intended control network
HARDENING: Scan all removable media (USB drives, CDs) for malware before use on systems connected to IGSS networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update IGSS Dashboard to version 16.0.0.23131 or later via IGSS Master > Update IGSS Software or from the Schneider Electric support page
HARDENING: Review and implement Schneider Electric IGSS security guidelines for securing IGSS SCADA installations
Long-term hardening
HARDENING: Isolate IGSS SCADA control and safety system networks behind firewalls and from the business network
HARDENING: Restrict physical access to systems running IGSS Dashboard—use locked cabinets and prevent unauthorized personnel from accessing devices
HARDENING: Implement network segmentation to ensure IGSS systems are not directly accessible from the internet or business network
CVEs (2)