OTPulse

EcoStruxure Geo SCADA Expert

Monitor | 6.5 | SEVD-2020-343-02 | Dec 8, 2020
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: Required
Summary

Failure to apply remediations may result in the revealing of account credentials, which could lead to unauthorized system access to EcoStruxure Geo SCADA Expert software. The vulnerability affects Virtual ViewX settings and requires updates to either Virtual ViewX alone (if on separate server) or both Virtual ViewX and Geo SCADA Server components (if on same server).

What this means
What could happen
An attacker with disclosed credentials could gain unauthorized access to the SCADA system, potentially allowing them to view, modify, or disrupt control of remote assets across your infrastructure. Loss of credential confidentiality undermines access controls across your telemetry and remote asset management platform.
Who's at risk
Energy utilities and water authorities using EcoStruxure Geo SCADA Expert for remote asset management and supervisory control. Specifically affects organizations running 2019 or 2020 releases with unpatched versions. The SCADA software manages geographically dispersed infrastructure, making credential compromise particularly critical for operational security.
How it could be exploited
An attacker exploits improper credential storage in Virtual ViewX settings to extract account credentials. With valid credentials in hand, they can authenticate to the SCADA system and gain unauthorized administrative or operator access to control and monitor remote assets.
Prerequisites
  • Local access to the server hosting Virtual ViewX or Geo SCADA Server
  • High privilege (administrative) account on the server
  • Ability to read Virtual ViewX configuration files or settings database
Credential exposure
  • No authentication required to read unencrypted credentials from settings
  • Local access only (reduces likelihood but impact is high)
  • Affects central SCADA platform managing distributed infrastructure
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product / Affected Versions / Fix Status

EcoStruxure Geo SCADA Expert 2019
  Affected versions: Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1
  Not affected: <81.7268.1 | >81.7578.1
  Fixed in: 81.7613.1

EcoStruxure Geo SCADA Expert 2020
  Affected versions: Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1
  Not affected: <83.7551.1 | >83.7578.1
  Fixed in: 83.7613.1
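To turn the affected-version ranges and the Virtual ViewX / Geo SCADA Server update rule into a repeatable check, here is an added example (written for this page, not Schneider Electric's or OTPulse's code). The version bounds and fixed builds are the ones stated above; the inventory records, host names and the field names `virtual_viewx` / `geo_scada_server` are constructed assumptions about how a site might describe its hosts.

```python
"""Classify Geo SCADA Expert hosts against the ranges in SEVD-2020-343-02 and
produce a patch plan. Example code; version ranges come from the advisory,
the inventory below is constructed for illustration."""

from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Inclusive affected ranges and fixed builds as listed in the advisory.
ADVISORY: Dict[str, Dict[str, str]] = {
    "EcoStruxure Geo SCADA Expert 2019": {
        "affected_from": "81.7268.1", "affected_to": "81.7578.1", "fixed": "81.7613.1",
    },
    "EcoStruxure Geo SCADA Expert 2020": {
        "affected_from": "83.7551.1", "affected_to": "83.7578.1", "fixed": "83.7613.1",
    },
}

# Constructed inventory (hypothetical hosts and field names, not from the advisory).
INVENTORY: List[Dict[str, object]] = [
    {"host": "scada-view-01", "product": "EcoStruxure Geo SCADA Expert 2019",
     "version": "81.7578.1", "virtual_viewx": True, "geo_scada_server": False},
    {"host": "scada-srv-01", "product": "EcoStruxure Geo SCADA Expert 2020",
     "version": "83.7551.1", "virtual_viewx": True, "geo_scada_server": True},
    {"host": "scada-srv-02", "product": "EcoStruxure Geo SCADA Expert 2020",
     "version": "83.7613.1", "virtual_viewx": True, "geo_scada_server": True},
]


def parse_version(text: str) -> Version:
    """Turn '81.7578.1' into (81, 7578, 1) so comparison is numeric.
    A plain string compare would rank '81.10000.1' below '81.7578.1'."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(product: str, installed: str) -> str:
    """Return 'affected', 'fixed', 'not_affected' or 'unknown_product'.

    Builds above the affected range but below the fixed build are reported
    as 'not_affected' because the advisory lists them as outside the range."""
    entry = ADVISORY.get(product)
    if entry is None:
        return "unknown_product"
    v = parse_version(installed)
    if v >= parse_version(entry["fixed"]):
        return "fixed"
    if parse_version(entry["affected_from"]) <= v <= parse_version(entry["affected_to"]):
        return "affected"
    return "not_affected"


def patch_plan(inventory: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """List the affected hosts and which components to update.

    Per the advisory: Virtual ViewX on its own server -> update Virtual ViewX;
    Virtual ViewX co-located with Geo SCADA Server -> update both components."""
    plan = []
    for host in inventory:
        product = str(host["product"])
        if assess(product, str(host["version"])) != "affected":
            continue
        if not host.get("virtual_viewx"):
            # The flaw is in Virtual ViewX settings; a host without it is out of scope here.
            continue
        components = ["Virtual ViewX"]
        if host.get("geo_scada_server"):
            components.append("Geo SCADA Server")
        plan.append({
            "host": host["host"],
            "update": components,
            "target_version": ADVISORY[product]["fixed"],
        })
    return plan


if __name__ == "__main__":
    for item in patch_plan(INVENTORY):
        print(f"{item['host']}: update {', '.join(item['update'])} to {item['target_version']}")
```

Running the block prints one line per host that still needs work; hosts already at or above the fixed build, or outside the stated range, are left off the plan.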
Remediation & Mitigation
Do now
WORKAROUND: Manually apply the Virtual ViewX settings changes detailed in mitigation steps if automatic patching is not possible
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update EcoStruxure Geo SCADA Expert 2019 to version 81.7613.1 or later
HOTFIX: Update EcoStruxure Geo SCADA Expert 2020 to version 83.7613.1 or later
HOTFIX: If Virtual ViewX is on a separate server, apply the update to Virtual ViewX; if on the same server as Geo SCADA Server, update both components
HARDENING: Plan updates during maintenance windows; be aware that software updates may require system reboots
Long-term hardening
HARDENING: Test patches in a development or offline environment before applying to production systems