OTPulse

EcoStruxure Geo SCADA Expert

Monitor · CVSS 6.8 · SEVD-2022-039-05 · Feb 8, 2022
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Multiple vulnerabilities in EcoStruxure Geo SCADA Expert (formerly ClearSCADA) stem from weak cryptographic implementations (CWE-326), improper certificate validation (CWE-295), and inadequate error handling (CWE-754). These weaknesses could allow attackers to impersonate operators, steal credentials, or gain unauthorized access to SCADA systems. ClearSCADA (all versions) and Geo SCADA Expert 2019/2020 have no fixes available. Geo SCADA Expert 2021 includes corrections for all vulnerabilities.

What this means
What could happen
An attacker with access to your network could impersonate legitimate operators or steal credentials, gaining unauthorized control over your SCADA system and the ability to modify setpoints, disable alarms, or disrupt operations.
Who's at risk
Water utilities and electric utilities using Schneider Electric's Geo SCADA Expert (formerly ClearSCADA) for remote monitoring and telemetry. This affects older versions (2019 and 2020) that are widely deployed in municipal water treatment plants, pump stations, and distribution networks for remote oversight of critical infrastructure.
How it could be exploited
An attacker on the same network segment as the Geo SCADA Expert server or a connected client could intercept or manipulate authentication mechanisms due to weak encryption (CWE-326), improper certificate validation (CWE-295), and improper error handling (CWE-754). This could allow credential harvesting or session hijacking without needing valid credentials initially.
Prerequisites
  • Network access to the same broadcast domain as Geo SCADA Expert clients or server
  • User interaction required (vulnerability triggered when a user performs certain actions)
  • No prior authentication needed to initiate the attack
  • No authentication required for exploitation
  • Low attack complexity
  • No patch available for 2019 and 2020 versions
  • Affects SCADA telemetry and process control
  • Same-network access required (local network threat)
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (3)
3 EOL
Product | Affected Versions | Fix Status
ClearSCADA | All versions | No fix (EOL)
EcoStruxure Geo SCADA Expert 2019 | All versions | No fix (EOL)
EcoStruxure Geo SCADA Expert 2020 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate Geo SCADA Expert servers and clients from untrusted networks using network segmentation (VLANs, firewalls)
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade to Geo SCADA Expert 2021 or later to receive fixes for all identified vulnerabilities
Mitigations - no patch available
The following products have reached End of Life with no planned fix: ClearSCADA All versions, EcoStruxure Geo SCADA Expert 2019 All versions, EcoStruxure Geo SCADA Expert 2020 All versions. Apply the following compensating controls:
HARDENING: Monitor network traffic to and from Geo SCADA Expert systems for suspicious authentication attempts or credential exposure
HARDENING: Enforce strong password policies and implement multi-factor authentication for operator accounts on Geo SCADA Expert