IGSS (Interactive Graphical SCADA System)

Act Now9.8SEVD-2022-102-01Apr 12, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

IGSS Data Server contains a buffer overflow and integer overflow vulnerability in its TCP message parsing. The Data Server is the central data repository accessed by all IGSS client modules. Remote exploitation allows unauthenticated code execution, leading to data breach and loss of SCADA control during production operation.

What this means

What could happen

An attacker can remotely run arbitrary commands on the IGSS Data Server without authentication, potentially gaining full control of your SCADA system and all monitored/controlled processes.

Who's at risk

Energy sector operators, manufacturing facilities, and utilities running Schneider Electric IGSS SCADA systems for process monitoring and control. Any facility relying on IGSS for critical operational oversight.

How it could be exploited

An attacker sends a malformed message to the Data Server's TCP interface (port 13000 or configured alternate). The vulnerability in message parsing allows buffer overflow or integer overflow, enabling code execution. No credentials or user interaction required.

Prerequisites

Network reachability to IGSS Data Server TCP port (default 13000)
IGSS Data Server running and accessible from attacker's network
No authentication credentials required

remotely exploitableno authentication requiredlow complexityaffects SCADA control systemCVSS critical (9.8)loss of operational control possible

Exploitability

Moderate exploit probability (EPSS 2.4%)

Affected products (1)

ProductAffected VersionsFix Status

IGSS Data Server (IGSSdataServer.exe)≤ 15.0.0.2207315.0.0.22074

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict network access to IGSS Data Server TCP port to only authorized engineering workstations and control network segments using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade IGSS Data Server to version 15.0.0.22074 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate SCADA system from corporate IT and untrusted networks

CVEs (2)

CVE-2022-24324 CVE-2022-2329

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/6a2ede50-8efc-48d4-872f-b4b747e5cb02