Schneider Electric Uni-Telway Driver (Update C)

Monitor5.5ICS-CERT ICSA-25-070-01Feb 11, 2025

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric has identified a vulnerability in the Uni-Telway driver, which is used by EcoStruxure™ Control Expert, EcoStruxure™ Process Expert, EcoStruxure™ Process Expert for AVEVA System Platform, and OPC Factory Server. The vulnerability allows a local attacker to cause a denial of service condition on the engineering workstation by triggering improper input validation (CWE-20). No patch is currently available; mitigation strategies focus on network segmentation and access controls.

What this means

What could happen

A local attacker could crash the engineering workstation running Uni-Telway driver, interrupting engineering operations and preventing software updates or configuration changes to control systems until the workstation is restarted.

Who's at risk

Energy sector organizations using Schneider Electric engineering tools—specifically those deploying EcoStruxure™ Control Expert, EcoStruxure™ Process Expert, or OPC Factory Server for plant automation and control—should be aware that engineering workstations running these products are vulnerable to denial of service attacks.

How it could be exploited

An attacker with local access to the engineering workstation (or one that can be reached from within the network) sends malformed input to the Uni-Telway driver. The driver fails to properly validate the input, causing it to crash or hang, denying service to engineering staff.

Prerequisites

Local access to the engineering workstation running the affected software
Or network access to the workstation with ability to send network traffic to the driver
User-level privileges on the workstation

Low complexity exploitationRequires local or network accessNo patch availableDenial of service impact on engineering operations

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (5)

1 pending4 EOL

ProductAffected VersionsFix Status

EcoStruxure™ Process Expert for AVEVA System Platform All versionsAll versionsNo fix (EOL)

Uni-Telway driver All versionsAll versionsNo fix (EOL)

EcoStruxure™ Control Expert All versionsAll versionsNo fix (EOL)

EcoStruxure™ Process Expert All versionsAll versionsNo fix yet

OPC Factory Server All versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/7

Mitigations - no patch available

0/7

The following products have reached End of Life with no planned fix: EcoStruxure™ Process Expert for AVEVA System Platform All versions, Uni-Telway driver All versions, EcoStruxure™ Control Expert All versions, OPC Factory Server All versions. Apply the following compensating controls:

HARDENINGIsolate engineering workstations running EcoStruxure products from the business network using firewalls and network segmentation

HARDENINGRestrict physical access to engineering workstations with locked cabinets and limit who can physically access them

HARDENINGPrevent unauthorized network connections to engineering workstations; never connect programming software to networks other than the intended control network

HARDENINGScan all removable media (USB drives, CDs) before connecting them to engineering workstations on the control network

HARDENINGMonitor and control mobile device access to engineering workstations; do not allow devices that have connected to other networks unless properly sanitized

HARDENINGEnsure engineering workstations are not directly accessible from the Internet or untrusted networks

HARDENINGIf remote access to engineering workstations is required, use VPN and ensure VPN software is kept up to date

CVEs (1)

CVE-2024-10083

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a9ac9449-0e3a-4b1d-9e6d-c34fe8960599