EcoStruxure Geo SCADA Expert

MonitorCVSS 6.7SEVD-2021-130-07May 11, 2021

Schneider ElectricEnergy

Attack path

Attack VectorLocal

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric's EcoStruxure Geo SCADA Expert (formerly ClearSCADA) products use weak password storage mechanisms that allow authenticated local users to extract account credentials. The vulnerability affects ClearSCADA (all versions), Geo SCADA Expert 2019 (all versions), and Geo SCADA Expert 2020 up to version 83.7742.1. Extracted credentials could enable unauthorized administrative access to the SCADA system, risking unauthorized modification of remote telemetry data and process control commands. Geo SCADA Expert 2020 was patched in April 2021 (version 83.7787.1) with improved password storage security. ClearSCADA and 2019 versions have no fix available.

What this means

What could happen

Weak password storage in the SCADA server allows authenticated local users to extract and reveal account credentials, enabling unauthorized system access and potential tampering with grid operations or telemetry data.

Who's at risk

This affects energy sector utilities operating EcoStruxure Geo SCADA Expert (2019 and 2020) or legacy ClearSCADA servers for telemetry and remote grid management. Operators of water treatment plants and electric distribution networks that rely on these SCADA platforms for monitoring pumps, substations, and remote field devices are at risk if server access is not restricted.

How it could be exploited

An attacker with local access to the SCADA server (via compromised engineering workstation, direct server access, or insider threat) can read stored password hashes or encrypted credentials from the system and crack or decrypt them to gain full administrative access to the SCADA platform, bypassing normal authentication.

Prerequisites

Local access to the SCADA server or database files
Engineering workstation credentials or local system access
Ability to read password storage location on server

no patch available for ClearSCADA and 2019 versionlocal access required but insider threat risk is significantaffects SCADA credential storagepassword compromise enables unauthorized system access

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (3)

1 with fix2 EOL

ProductAffected VersionsFix Status

ClearSCADA All VersionsAll versionsNo fix (EOL)

EcoStruxure Geo SCADA Expert 2019 All VersionsAll versionsNo fix (EOL)

EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior≤ 83.7742.183.7787.1

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict physical and network access to SCADA servers to authorized engineering personnel only; implement access controls on server rooms and remote access points

WORKAROUNDRotate all SCADA system user account passwords after patching to ensure any previously exposed credentials are invalidated

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade EcoStruxure Geo SCADA Expert 2020 to version 83.7787.1 (April 2021 release) or later

HARDENINGTest patches in offline lab environment before deployment to production systems; plan maintenance window for server restart or redundant server changeover

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions. Apply the following compensating controls:

HARDENINGFor ClearSCADA and Geo SCADA Expert 2019: contact Schneider Electric to confirm end-of-life status and plan migration path to supported version

CVEs (1)

CVE-2021-22741

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/6a2e5076-d101-43e8-80fe-2f466aafec0a

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.