EcoStruxureTM Geo SCADA Expert

Monitor5.3SEVD-2023-045-01Feb 14, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

EcoStruxure Geo SCADA Expert and ClearSCADA contain an input validation flaw (CWE-117) that allows an attacker to inject arbitrary text into product log files without authentication. An attacker could falsify log entries or fill logs with garbage data, compromising the integrity of audit trails that operators use for troubleshooting and compliance purposes.

What this means

What could happen

An attacker could inject false entries into SCADA log files or fill them with garbage data, compromising the integrity of audit logs that operators and engineers rely on to track system changes and troubleshoot incidents.

Who's at risk

Electric utilities and energy providers running EcoStruxure Geo SCADA Expert or ClearSCADA for remote SCADA operations and telemetry monitoring. This affects operators who depend on log files for audit trails and incident investigation.

How it could be exploited

An attacker with network access to the EcoStruxure Geo SCADA Expert server could send specially crafted requests that bypass input validation on log file operations, allowing arbitrary text injection into log entries without requiring authentication or user interaction.

Prerequisites

Network access to the EcoStruxure Geo SCADA Expert server
No authentication required

remotely exploitableno authentication requiredlow complexityaffects audit and compliance records

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (4)

3 with fix1 EOL

ProductAffected VersionsFix Status

EcoStruxureTM Geo SCADA Expert 2021≤ 84.8269.184.8335.2

EcoStruxureTM Geo SCADA Expert 2020≤ 83.8267.183.8332.1

EcoStruxureTM Geo SCADA Expert 2019≤ 81.8267.181.8333.1

ClearSCADA≤ 80.8015.1No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/1

ClearSCADA

HARDENINGFor ClearSCADA systems with no vendor fix available, implement network segmentation and firewall rules to restrict access to the SCADA server to only trusted engineering workstations and operations terminals

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EcoStruxure Geo SCADA Expert 2021 to version 84.8335.2 or later

HOTFIXUpdate EcoStruxure Geo SCADA Expert 2020 to version 83.8332.1 or later

HOTFIXUpdate EcoStruxure Geo SCADA Expert 2019 to version 81.8333.1 or later

Mitigations - no patch available

0/1

ClearSCADA has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGConfigure client and server certificates and restrict connections to only client versions that support certificate-based authentication

CVEs (1)

CVE-2023-0595

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/bddc6dd6-a82e-4222-89b7-e5e516c80dff