IGSS (Interactive Graphical SCADA System)
Plan Patch | 7.8 | SEVD-2021-159-01 | Jun 8, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Multiple vulnerabilities in the IGSS Definition (Def.exe) module allow remote code execution through malformed CGF (configuration) and WSP (workspace) files. Affected versions: V15.0.0.21041 and prior, V15.0.0.21140 and prior. Vulnerabilities include buffer overflows, out-of-bounds access, and use-after-free conditions (CWE-787, CWE-125, CWE-416, CWE-119, CWE-22). The IGSS product is a SCADA system for monitoring and controlling industrial processes and communicates with all major PLC drivers.
What this means
What could happen
An attacker could execute arbitrary code on the Windows workstation where IGSS configuration files (CGF or WSP) are imported during system design and commissioning. This could compromise the engineering workstation and potentially allow modification of control logic before deployment to PLCs and other field devices.
Who's at risk
Organizations in energy and manufacturing sectors that use Schneider Electric IGSS for SCADA engineering and design. Risk is highest for engineering workstations where configuration files are created, edited, or imported during system commissioning and maintenance.
How it could be exploited
An attacker creates a malicious CGF or WSP configuration file containing crafted input that triggers buffer overflow or use-after-free conditions in Def.exe. When an engineer imports this file into the IGSS Definition module (typically during system setup or reconfiguration), the application crashes or executes attacker-controlled code on the workstation with the privileges of the user running IGSS.
Prerequisites
- IGSS Definition module (Def.exe) running a vulnerable version on a Windows workstation
- User must manually import or open a malicious CGF or WSP file
- Attacker must deliver the malicious file to the target (email, USB, shared drive, or web download)
- Low complexity attack
- User interaction required (file import)
- High EPSS score (0.6%)
- No patch available for older versions
- Affects engineering/design systems
- Buffer overflow and use-after-free conditions
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| IGSS Definition (Def.exe) V15.0.0.21041 and prior | ≤ 15.0.0.21041 | 15.0.0.21141 |
| IGSS Definition (Def.exe) V15.0.0.21140 and prior | ≤ 15.0.0.21140 | 15.0.0.21141 |
Remediation & Mitigation
Do now
- WORKAROUND: Warn users not to import CGF or WSP files from untrusted sources until patched
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
IGSS Definition (Def.exe) V15.0.0.21041 and prior
- HOTFIX: Upgrade IGSS Definition (Def.exe) to version 15.0.0.21141 or later
Long-term hardening
- HARDENING: Restrict access to IGSS engineering workstations and limit who can import or edit CGF and WSP files
- HARDENING: Implement file validation and scanning processes for any CGF or WSP files before import
- HARDENING: Isolate IGSS engineering workstations from the main network when not needed for remote updates or collaboration
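One way to apply the import restrictions above, as an added example that is not part of the advisory or of Schneider Electric's tooling: a pre-import gate that allows only CGF/WSP files whose SHA-256 is on an approved list and treats unknown files more strictly while Def.exe is below the fixed build. The function names, the approved-hash set and the allow/review/block policy are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

FIXED_BUILD = (15, 0, 0, 21141)      # fixed Def.exe version from the advisory
GATED_EXTENSIONS = {".cgf", ".wsp"}  # file types named in the advisory


def is_patched(def_version: str) -> bool:
    """True when a dotted Def.exe version is at or above the fixed build."""
    parts = tuple(int(p) for p in def_version.strip().lstrip("Vv").split("."))
    return parts >= FIXED_BUILD


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(incoming: Path, approved: set, def_version: str) -> dict:
    """Map each CGF/WSP file under `incoming` to allow, review or block."""
    patched = is_patched(def_version)
    verdicts = {}
    for path in sorted(incoming.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in GATED_EXTENSIONS:
            continue
        known = sha256_of(path) in approved
        # Assumed policy: unknown file = block if unpatched, review if patched.
        verdict = "allow" if known else ("review" if patched else "block")
        verdicts[path.relative_to(incoming).as_posix()] = verdict
    return verdicts


def demo() -> dict:
    """Run the gate over constructed sample files (not real IGSS data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plant.cgf").write_bytes(b"constructed approved sample")
        (root / "vendor.WSP").write_bytes(b"constructed unknown sample")
        (root / "notes.txt").write_bytes(b"not a gated file type")
        return triage(root, {sha256_of(root / "plant.cgf")}, "V15.0.0.21140")


if __name__ == "__main__":
    print(demo())
```

A hash allowlist establishes provenance only; it does not inspect file contents, so it complements the upgrade to the fixed build and does not replace it.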
CVEs (13)