IGSS (Interactive Graphical SCADA System)

Act Now9.8SEVD-2022-165-01Jun 14, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric IGSS Data Server contains multiple vulnerabilities in its TCP interface that allow unauthenticated remote access. These flaws (CWE-306 missing authentication, CWE-120 buffer overflow) could enable remote code execution, unauthorized data modification or deletion in the Report folder, and denial of service. The Data Server is a core component used by other IGSS modules to access and manage SCADA system data. Successful exploitation in production mode could result in loss of process control and disclosure of sensitive operational data.

What this means

What could happen

An attacker could gain remote control over your SCADA Data Server without authentication, allowing them to alter process data, stop operations, or delete historical records stored in the Report folder. This could result in loss of visibility and control over your industrial processes.

Who's at risk

Energy utilities and manufacturing facilities using Schneider Electric IGSS for process monitoring and control. Specifically, any organization relying on IGSS Data Server for SCADA operations, process data access, and reporting should prioritize this update. Critical impact on water treatment, power distribution, and industrial automation where loss of control or data integrity is unacceptable.

How it could be exploited

An attacker with network access to the Data Server TCP interface (default or custom port) can send crafted requests that bypass authentication checks and trigger buffer overflow or input validation flaws. This allows direct code execution on the SCADA server or manipulation of data files without logging in.

Prerequisites

Network access to IGSS Data Server TCP port
No authentication credentials required
IGSS Data Server version 15.0.0.22170 or earlier running

remotely exploitableno authentication requiredlow complexityaffects SCADA control systemspotential for remote code executiondata loss and unauthorized modification risk

Exploitability

Moderate exploit probability (EPSS 2.6%)

Affected products (1)

ProductAffected VersionsFix Status

IGSS Data Server (IGSSdataServer.exe)≤ V15.0.0.22170V15.0.0.22171

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDIsolate IGSS Data Server TCP interface with firewall rules to restrict access to authorized engineering workstations and SCADA network segments only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate IGSS Data Server to version 15.0.0.22171 or later via IGSS Master > Update IGSS Software

Long-term hardening

0/1

HARDENINGImplement network segmentation to prevent direct internet or untrusted network access to IGSS Data Server

CVEs (8)

CVE-2022-32528 CVE-2022-32522 CVE-2022-32523 CVE-2022-32524 CVE-2022-32525 CVE-2022-32526 CVE-2022-32527 CVE-2022-32529

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0b526e6c-e196-4b20-a4ff-fcd9bf1dd725