EcoStruxure Geo SCADA Expert

Act Now9.1SEVD-2023-010-02Jan 10, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities exist in EcoStruxure Geo SCADA Expert (formerly ClearSCADA) that allow an unauthenticated remote attacker to access sensitive system information, read SCADA configuration data, and cause denial of service. The vulnerabilities result from improper access controls and error handling in the server software. ClearSCADA is no longer supported and has no patch available.

What this means

What could happen

An attacker with network access to the SCADA server could read sensitive configuration data, operational parameters, and system information, or cause a denial of service that interrupts telemetry and remote control capabilities.

Who's at risk

Electric and water utilities using EcoStruxure Geo SCADA Expert for remote SCADA and telemetry operations are affected. This software is used to monitor and control distributed equipment such as substations, pumping stations, and transmission control points. End-of-life ClearSCADA users have no patch available and face the highest risk.

How it could be exploited

An attacker without authentication can send specially crafted requests to the EcoStruxure Geo SCADA Expert server over the network to either extract sensitive system and configuration data or trigger a condition that crashes or hangs the service, disrupting SCADA operations.

Prerequisites

Network access to the EcoStruxure Geo SCADA Expert server (typically port 4502 or configured telemetry port)
No authentication credentials required

remotely exploitableno authentication requiredlow complexityhigh impact to confidentiality and availabilityno patch available for ClearSCADAaffects SCADA control systems

Exploitability

Low exploit probability (EPSS 0.5%)

Affected products (4)

3 with fix1 EOL

ProductAffected VersionsFix Status

ClearSCADA All VersionsAll versionsNo fix (EOL)

EcoStruxure Geo SCADA Expert 2019≤ 81.8267.181.8333.1

EcoStruxure Geo SCADA Expert 2020≤ 83.8267.183.8332.1

EcoStruxure Geo SCADA Expert 2021≤ 84.8269.184.8335.2

Remediation & Mitigation

0/5

Do now

0/1

HARDENINGFor ClearSCADA systems: implement network segmentation and firewall rules to restrict access to the SCADA server to only authorized workstations and control networks, as no vendor fix is available

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

EcoStruxure Geo SCADA Expert 2019

HOTFIXUpgrade EcoStruxure Geo SCADA Expert 2019 to version 81.8333.1 or later

EcoStruxure Geo SCADA Expert 2020

HOTFIXUpgrade EcoStruxure Geo SCADA Expert 2020 to version 83.8332.1 or later

EcoStruxure Geo SCADA Expert 2021

HOTFIXUpgrade EcoStruxure Geo SCADA Expert 2021 to version 84.8335.2 or later

Mitigations - no patch available

0/1

ClearSCADA All Versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGPlan migration away from ClearSCADA to a supported and patchable version of EcoStruxure Geo SCADA Expert

CVEs (2)

CVE-2023-22610 CVE-2023-22611

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/cf409ff5-2655-41d7-8ad8-da06388a88c1