OTPulse

EcoStruxure™ Power Operation 2021, EcoStruxure™ Power SCADA Operation 2020 and EcoStruxure™ Power SCADA Operation 2020 R2

Monitor
CVSS: 7.5
Advisory ID: SEVD-2023-010-03
Published: Jan 10, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in the IEC 61850 communication driver used by EcoStruxure Power Operation 2021 and EcoStruxure Power SCADA Operation 2020/2020 R2 can be exploited remotely via specially crafted protocol messages. The flaw causes an improper memory access (CWE-824) that crashes the driver, resulting in loss of communication to substations and downstream power control devices. Affected versions include all maintenance updates of these releases. Schneider Electric has not released a permanent fix for these product versions; the updated driver package is the only remediation it offers.

What this means
What could happen
An attacker can send specially crafted network packets over the IEC 61850 protocol to crash the communication driver, causing the SCADA software to lose connection to monitored substations and control devices. This could prevent operators from seeing real-time status of the power grid or responding to outages.
Who's at risk
Electric utilities and power generators using EcoStruxure Power Operation or Power SCADA Operation software for monitoring substations and power distribution equipment. This affects any organization relying on IEC 61850 protocol connections from their SCADA master to remote terminal units (RTUs), protective relays, or intelligent electronic devices (IEDs) in the field.
How it could be exploited
An attacker with network access to the EcoStruxure software host sends malformed IEC 61850 protocol messages to the 61850 communication port. The vulnerability in the driver causes a memory fault that crashes the driver process, severing communication to downstream devices like protective relays and circuit breakers that depend on the SCADA connection.
Prerequisites
  • Network access to the EcoStruxure host on the port used by the IEC 61850 driver (typically port 102)
  • The IEC 61850 driver must be active and listening for incoming connections
  • No authentication required to send malformed packets
  • remotely exploitable
  • no authentication required
  • low complexity
  • affects operational visibility and control
  • no patch available yet
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
3 pending
Product                                     Affected Versions                                   Fix Status
EcoStruxure™ Power SCADA Operation 2020     2020, 2020 CU1                                      No fix yet
EcoStruxure™ Power SCADA Operation 2020 R2  2020 R2, 2020 R2 CU1, 2020 R2 CU2, 2020 R2 CU3      No fix yet
EcoStruxure™ Power Operation 2021           2021, 2021 CU1, 2021 CU2, 2021 CU3                  No fix yet
Remediation & Mitigation
Do now

WORKAROUND: Restrict network access to the EcoStruxure software host using firewall rules to allow only trusted substation devices and engineering workstations to connect to the IEC 61850 communication port
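As an added example for the workaround above (not code from the advisory, OTPulse or Schneider Electric), a Windows Defender Firewall configuration that admits the IEC 61850 port only from a trusted address list; that the host runs Windows with the NetSecurity cmdlets, and the placeholder addresses, are assumptions.

```powershell
# Added example for this advisory's firewall workaround; not code from OTPulse
# or Schneider Electric. Assumes the EcoStruxure host runs Windows with the
# NetSecurity module (Windows Defender Firewall), that the IEC 61850 driver
# listens on TCP 102 as the advisory states, and that the addresses below are
# placeholders for your own trusted IEDs/RTUs and engineering workstations.

$Port     = 102
$RuleName = 'IEC61850-Allow-Trusted-Peers'
$Trusted  = @(
    '10.10.20.0/24',   # placeholder: substation IED / RTU subnet
    '10.10.30.15'      # placeholder: engineering workstation
)

# 1. Windows Firewall evaluates Block rules before Allow rules, so a broad
#    Block rule on port 102 would also cut off the trusted peers. Rely on the
#    profile default (drop unsolicited inbound traffic) and add a narrow Allow.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 2. Audit: any other enabled inbound Allow rule that already opens TCP/102
#    (or all ports, e.g. a per-application rule) would bypass the restriction.
#    Port ranges such as '100-110' are not expanded here; review them by hand.
$Overlapping = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { $_.DisplayName -ne $RuleName } |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        ($pf.Protocol -in @('TCP', 'Any')) -and
        ($pf.LocalPort -eq 'Any' -or $pf.LocalPort -contains "$Port")
    }
foreach ($r in $Overlapping) {
    Write-Warning "Rule '$($r.DisplayName)' also allows inbound TCP/$Port; disable or narrow it."
}

# 3. Allow the IEC 61850 port only from the trusted list (idempotent: replace
#    the rule if a previous run created it).
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
    -LocalPort $Port -RemoteAddress $Trusted -Action Allow -Profile Any -Enabled True

# 4. Verify the effective remote-address scope of the new rule.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

Run from an elevated PowerShell session; any rule reported by the audit step must be disabled or narrowed, or the restriction is not effective.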
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Download and apply the updated IEC 61850 driver package from the Schneider Electric community portal at https://community.se.com/t5/EcoStruxure-Power-Operation/IEC61850-Driver-Latest-Release/m-p/150118
Long-term hardening
HARDENING: Segment the SCADA network so that the EcoStruxure hosts are isolated from untrusted networks and the corporate IT environment