OTPulse
FeedAboutContact

EcoStruxure Geo SCADA Expert

Monitor6.7SEVD-2021-130-07May 11, 2021
Attack VectorLocal
Auth RequiredHigh
ComplexityLow
User InteractionNone needed
Summary

Schneider Electric's EcoStruxure Geo SCADA Expert (formerly ClearSCADA) products use weak password storage mechanisms that allow authenticated local users to extract account credentials. The vulnerability affects ClearSCADA (all versions), Geo SCADA Expert 2019 (all versions), and Geo SCADA Expert 2020 up to version 83.7742.1. Extracted credentials could enable unauthorized administrative access to the SCADA system, risking unauthorized modification of remote telemetry data and process control commands. Geo SCADA Expert 2020 was patched in April 2021 (version 83.7787.1) with improved password storage security. ClearSCADA and 2019 versions have no fix available.

What this means
What could happen
Weak password storage in the SCADA server allows authenticated local users to extract and reveal account credentials, enabling unauthorized system access and potential tampering with grid operations or telemetry data.
Who's at risk
This affects energy sector utilities operating EcoStruxure Geo SCADA Expert (2019 and 2020) or legacy ClearSCADA servers for telemetry and remote grid management. Operators of water treatment plants and electric distribution networks that rely on these SCADA platforms for monitoring pumps, substations, and remote field devices are at risk if server access is not restricted.
How it could be exploited
An attacker with local access to the SCADA server (via compromised engineering workstation, direct server access, or insider threat) can read stored password hashes or encrypted credentials from the system and crack or decrypt them to gain full administrative access to the SCADA platform, bypassing normal authentication.
Prerequisites
  • Local access to the SCADA server or database files
  • Engineering workstation credentials or local system access
  • Ability to read password storage location on server
no patch available for ClearSCADA and 2019 versionlocal access required but insider threat risk is significantaffects SCADA credential storagepassword compromise enables unauthorized system access
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (3)
1 with fix2 EOL
ProductAffected VersionsFix Status
ClearSCADA All VersionsAll versionsNo fix (EOL)
EcoStruxure Geo SCADA Expert 2019 All VersionsAll versionsNo fix (EOL)
EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior≤ 83.7742.183.7787.1
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGRestrict physical and network access to SCADA servers to authorized engineering personnel only; implement access controls on server rooms and remote access points
WORKAROUNDRotate all SCADA system user account passwords after patching to ensure any previously exposed credentials are invalidated
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade EcoStruxure Geo SCADA Expert 2020 to version 83.7787.1 (April 2021 release) or later
HARDENINGTest patches in offline lab environment before deployment to production systems; plan maintenance window for server restart or redundant server changeover
Mitigations - no patch available
0/1
The following products have reached End of Life with no planned fix: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions. Apply the following compensating controls:
HARDENINGFor ClearSCADA and Geo SCADA Expert 2019: contact Schneider Electric to confirm end-of-life status and plan migration path to supported version
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/6a2e5076-d101-43e8-80fe-2f466aafec0a
EcoStruxure Geo SCADA Expert | CVSS 6.7 - OTPulse