OTPulse

IGSS (Interactive Graphical SCADA System)

Plan Patch · CVSS 7.8 · SEVD-2021-068-01 · Mar 9, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Schneider Electric IGSS Definition (Def.exe) contains a buffer overflow vulnerability (CWE-119) that can be exploited when a user imports a malicious CGF (configuration) file. Successful exploitation allows remote code execution with the privileges of the user running Def.exe, typically an engineer or system integrator during system design or commissioning. The vulnerability affects IGSS Definition versions up to 15.0.0.21041.

What this means
What could happen
An attacker could execute arbitrary code on an engineering workstation running IGSS by sending a malicious CGF (configuration) file, potentially gaining full control of the Windows system and access to SCADA configuration data during design or commissioning activities.
Who's at risk
Engineering and operations teams at electric utilities, water authorities, and manufacturing plants that use Schneider Electric IGSS for SCADA system design, commissioning, and operation. Any organization with IGSS 15.0.0.21041 or earlier installed on engineering workstations is affected.
How it could be exploited
An attacker crafts a malicious CGF file and tricks an engineer into importing it during IGSS system configuration. When Def.exe parses the file, the vulnerability in file handling allows code execution with the privileges of the engineer's account. The attacker gains control of the workstation, which typically has direct network access to PLCs and control systems.
Prerequisites
  • User must open/import a malicious CGF file in IGSS Definition (Def.exe)
  • Engineering workstation running IGSS 15.0.0.21041 or earlier
  • Social engineering or file transfer mechanism to deliver the malicious CGF
  • Local/user-assisted attack vector
  • High impact on system confidentiality and integrity
  • Affects engineering workstations with access to control systems
  • No authentication required beyond file opening
  • Potentially affects SCADA configuration data during design phase
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product | Affected Versions | Fix Status
IGSS Definition (Def.exe) | ≤ 15.0.0.21041 | 15.0.0.21042
Remediation & Mitigation
Do now
HARDENING: Restrict file import operations to trusted sources only and validate CGF files before opening in production environments
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update IGSS Definition (Def.exe) to version 15.0.0.21042 or later using IGSS Master > Update IGSS Software
Long-term hardening
HARDENING: Segment engineering workstations from operational control networks to limit lateral movement if a workstation is compromised
HARDENING: Implement application whitelisting on engineering workstations to restrict code execution
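
To find engineering workstations that still need the update, the following PowerShell script compares each Def.exe it finds against the fixed build listed above. It is an added example, not code from OTPulse or Schneider Electric; the search roots are placeholders, and it assumes the advisory's version numbers match the file version resource embedded in Def.exe.

```powershell
# Added example: flag Def.exe copies older than the fixed build in the advisory.
# Assumptions: the advisory's version numbers match the file version resource of
# Def.exe, and the search roots below are placeholders for your install location.
param(
    [string[]]$SearchRoot = @('C:\Program Files', 'C:\Program Files (x86)')
)

$FixedVersion = [version]'15.0.0.21042'   # first fixed build per the advisory

function Get-DefExeStatus {
    param([string]$Path, [version]$Fixed)

    $info = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from the numeric parts; the FileVersion string can carry
    # extra text that a [version] cast cannot parse.
    $ver = [version]('{0}.{1}.{2}.{3}' -f $info.FileMajorPart, $info.FileMinorPart,
                     $info.FileBuildPart, $info.FilePrivatePart)

    if ($ver -eq [version]'0.0.0.0') {
        $status = 'UNKNOWN'      # no version resource: inspect by hand
    } elseif ($ver -lt $Fixed) {
        $status = 'AFFECTED'     # 15.0.0.21041 or earlier
    } else {
        $status = 'FIXED'
    }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Path        = $Path
        FileVersion = $ver
        Status      = $status
    }
}

# Other software may ship a file named Def.exe; confirm the Path column
# points at an IGSS installation before acting on a result.
$results = foreach ($root in $SearchRoot) {
    Get-ChildItem -LiteralPath $root -Filter 'Def.exe' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object { Get-DefExeStatus -Path $_.FullName -Fixed $FixedVersion }
}

$results | Sort-Object Status, Path | Format-Table -AutoSize

# Non-zero exit code lets a software-inventory job flag the host.
if ($results | Where-Object Status -ne 'FIXED') { exit 1 }
```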