OTPulse

Schneider Electric RemoteConnect and SCADAPack x70 Utilities (Update A)

Monitor | 7.8 | ICS-CERT ICSA-25-028-06 | Jan 14, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Schneider Electric RemoteConnect and SCADAPack™ x70 Utilities software is affected by a vulnerability involving insecure deserialization of untrusted data. The RemoteConnect configuration software is used to configure and manage communications and operations for SCADAPack™ x70 devices. Exploitation could result in loss of confidentiality and integrity, and potentially remote code execution on the compromised workstation.

What this means
What could happen
An attacker who tricks an engineer into opening a malicious project file could execute arbitrary code on their workstation, potentially gaining access to sensitive SCADAPack x70 device configurations or deploying malware into the facility network.
Who's at risk
Energy sector utilities and facility operators who use RemoteConnect configuration software to manage SCADAPack x70 telemetry and SCADA devices. This impacts engineering workstations and administrative machines that run the RemoteConnect or Security Administrator software to configure remote terminal units, master stations, or data acquisition devices.
How it could be exploited
An attacker sends a specially crafted RemoteConnect project file to a facility engineer. When the engineer opens the file in RemoteConnect configuration software, the deserialization vulnerability allows the attacker's embedded code to execute on the workstation with the privileges of the user running the software.
Prerequisites
  • Engineer must open a malicious project file
  • Project file must come from untrusted source (social engineering or compromised delivery mechanism)
  • RemoteConnect or Security Administrator software must be installed and running on the target workstation
  • No authentication required to trigger vulnerability
  • Low complexity attack (social engineering)
  • Affects configuration and administrative tools
  • No patch available for Security Administrator all versions
Exploitability
Moderate exploit probability (EPSS 1.0%)
Affected products (2)
2 pending
Product | Affected Versions | Fix Status
RemoteConnect and SCADAPack™ x70 Utilities - RemoteConnect | < R3.4.2 | No fix yet
RemoteConnect and SCADAPack™ x70 Utilities - Security Administrator All Versions | All versions | No fix yet
Remediation & Mitigation
Do now
  • WORKAROUND: Only open RemoteConnect project files from trusted sources; verify file integrity using hash checking before opening
  • HARDENING: Encrypt RemoteConnect project files at rest and restrict file access to authorized users only
  • HARDENING: Use secure communication protocols (encrypted channels) when exchanging project files over the network
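
One way to apply the hash-checking workaround above before a project file is opened, as an added example (not Schneider Electric's or OTPulse's code). It assumes the sender publishes a sha256sum-style manifest over a separate trusted channel; the manifest format and the file name `station-a.project` are hypothetical.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large projects are not loaded into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text: str) -> dict:
    """Parse sha256sum-style lines: '<64 hex chars>  <file name>'."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        digest, name = digest.lower(), name.strip().lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name] = digest
    return entries

def safe_to_open(path: Path, manifest: dict) -> bool:
    """Fail closed: unlisted, missing, or modified files are all rejected."""
    expected = manifest.get(path.name)
    if expected is None or not path.is_file():
        return False
    return hmac.compare_digest(sha256_file(path), expected)

def demo() -> dict:
    """Constructed sample: one listed project file that is later altered."""
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp) / "station-a.project"  # hypothetical file name
        project.write_bytes(b"constructed sample project contents")
        manifest = parse_manifest(f"{sha256_file(project)}  {project.name}\n")
        results = {"original": safe_to_open(project, manifest)}
        results["unlisted"] = safe_to_open(Path(tmp) / "other.project", manifest)
        project.write_bytes(b"constructed sample project contents, altered")
        results["altered"] = safe_to_open(project, manifest)
        return results

if __name__ == "__main__":
    print(demo())
```

A matching hash only shows that the file is the one the sender listed, so the manifest must reach the engineer by a different path than the project file itself.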
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update RemoteConnect configuration software to version R3.4.2 or later
Long-term hardening
  • HARDENING: Follow Schneider Electric SCADAPack Security Guidelines for all configuration and operational practices