OTPulse

IGSS (Interactive Graphical SCADA System)

Plan Patch | CVSS 8.8 | SEVD-2023-073-04 | Mar 14, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Multiple vulnerabilities exist in IGSS Data Server, Dashboard, and Custom Reports modules due to improper input validation (CWE-20), missing authentication (CWE-306), insecure deserialization (CWE-502), and path traversal (CWE-22). The IGSS Data Server exposes a TCP interface that other modules use to access SCADA system data. Exploitation could result in denial of service to dashboards and reports, modification or loss of report files, and remote code execution on the IGSS server, potentially causing loss of control over industrial processes running in production mode.

What this means
What could happen
An attacker could cause the SCADA system to become unavailable, modify or delete operational reports and dashboards, or execute commands on the IGSS server that could disrupt process monitoring and control of critical infrastructure.
Who's at risk
Energy and manufacturing facilities using IGSS for SCADA system monitoring and control, including water utilities, power utilities, and industrial plants that rely on IGSS to monitor and manage critical process operations. Operators of IGSS Data Server, Dashboard, and Custom Reports modules are most directly affected.
How it could be exploited
An attacker on the network sends a malicious request to the IGSS Data Server TCP interface (which exposes data from the SCADA system). The server fails to properly validate input or authenticate requests, allowing the attacker to inject commands or access the file system. If the IGSS system is running in production mode, this could result in remote code execution on the server.
Prerequisites
  • Network access to the IGSS Data Server TCP port
  • No authentication required (CWE-306: missing authentication)
  • User interaction is not required for some attacks (UI:R in the CVSS vector indicates that some attack paths need a user click, but the input validation failures may not)
  • remotely exploitable
  • no authentication required
  • low complexity attack
  • affects SCADA/critical infrastructure
  • high CVSS score (8.8)
  • loss of operational visibility and control possible
Exploitability
Moderate exploit probability (EPSS 3.9%)
Affected products (3)
2 with fix, 1 EOL
Product | Affected Versions | Fix Status
IGSS Data Server | ≤ 16.0.0.23040 | 16.0.0.23041
IGSS Dashboard | ≤ 16.0.0.23040 | 16.0.0.23041
Custom Reports | ≤ 16.0.0.23040 | No fix (EOL)
Remediation & Mitigation
Do now
IGSS Data Server
WORKAROUND: Restrict network access to the IGSS Data Server TCP port to only authorized workstations and engineering systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

IGSS Data Server
HOTFIX: Update IGSS Data Server to version 16.0.0.23041 or later
IGSS Dashboard
HOTFIX: Update IGSS Dashboard to version 16.0.0.23041 or later
Mitigations - no patch available
Custom Reports has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Segment IGSS systems from untrusted networks and limit lateral movement from compromised systems
HARDENING: Monitor IGSS Report folder for unauthorized changes or deletions to reports and dashboards