OTPulse

PLC Simulator on EcoStruxure™ Control Expert and Process Expert

Act Now | CVSS 10 | SEVD-2020-315-07 | Nov 10, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Schneider Electric has identified multiple vulnerabilities in the PLC Simulator feature of EcoStruxure™ Control Expert, EcoStruxure™ Process Expert, and Unity Pro. The PLC Simulator is a software tool that allows engineers to test and validate control configurations in a simulated environment before deployment. Exploitation could result in unauthorized command execution on the simulator or denial of service, allowing attackers to execute arbitrary code, modify test configurations, or prevent legitimate testing. The vulnerabilities include buffer overflow (CWE-120), weak authentication (CWE-307), and insecure code loading (CWE-494).

What this means
What could happen
An attacker could execute arbitrary commands on the PLC Simulator or cause it to stop responding, potentially disrupting testing and validation of industrial control logic before deployment to production systems. While the simulator is not intended for production use, compromise could allow unauthorized modification of control configurations or prevent legitimate operators from testing safety-critical changes.
Who's at risk
Engineering teams in energy and manufacturing sectors who use EcoStruxure™ Control Expert, Unity Pro, or EcoStruxure™ Process Expert software on workstations for testing and validating PLC control logic are affected. This includes anyone developing or commissioning programmable logic controllers used in power systems, water treatment, or industrial automation.
How it could be exploited
An attacker on the network could send a specially crafted request to the PLC Simulator software without authentication, exploiting buffer overflow, weak password validation, or other flaws to execute arbitrary code or crash the simulator process. The simulator typically runs on engineering workstations and can be reached remotely if connected to a corporate network without strict network segmentation.
Prerequisites
  • Network access to the machine running PLC Simulator (typically port-based communication)
  • No credentials required for exploitation
  • PLC Simulator service must be running and network-accessible
remotely exploitable · no authentication required · low complexity attack · buffer overflow vulnerability · affects engineering workstations and test environments · no patch for two of three affected products
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (3)
1 with fix, 2 EOL
Product | Affected Versions | Fix Status
PLC Simulator for EcoStruxure™ Control Expert prior to v15.0 SP1 | <15.0 SP1 | 15.0 SP1
PLC Simulator for Unity Pro (former name of EcoStruxure™ Control Expert) all versions | All versions | No fix (EOL)
PLC Simulator for EcoStruxure™ Process Expert all versions | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: For Unity Pro and EcoStruxure™ Process Expert (no patch available), isolate PLC Simulator machines from untrusted networks using firewall rules that restrict inbound access to simulator ports
WORKAROUND: Disable or uninstall the PLC Simulator feature if it is not actively in use in your engineering workflow
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update EcoStruxure™ Control Expert to version 15.0 SP1 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: PLC Simulator for Unity Pro (former name of EcoStruxure™ Control Expert) all versions, PLC Simulator for EcoStruxure™ Process Expert all versions. Apply the following compensating controls:
HARDENING: Implement network segmentation to ensure PLC Simulator runs only on isolated engineering workstations or air-gapped development networks, not on production networks
HARDENING: Consult the Schneider Electric Cybersecurity Application Note (March 2023 update) for additional specific mitigations
PLC Simulator on EcoStruxure™ Control Expert and Process Expert | CVSS 10 - OTPulse