OPC Factory Server
Monitor | 5 | SEVD-2023-129-01 | May 9, 2023
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary
OPC Factory Server (OFS) is vulnerable to unauthorized read access of the file system due to CWE-611 (XML External Entity Injection). An attacker with local access and low-level user privileges could read sensitive files from the system hosting OFS, exposing configuration data, credentials, or other sensitive information used by connected Schneider Electric automation and electrical distribution devices.
What this means
What could happen
An attacker with local access to the OFS server could read sensitive configuration files and credentials, potentially compromising the security of connected automation devices and SCADA/DCS systems managing energy infrastructure. Exposed credentials could enable unauthorized access to PLC configurations, setpoint changes, or process monitoring systems.
Who's at risk
Energy utilities and industrial manufacturers operating Schneider Electric automation platforms with OPC Factory Server should prioritize this fix. OFS is commonly used to expose real-time data from PLCs, RTUs, and electrical distribution control systems to SCADA clients and enterprise systems. Compromised file access could leak credentials for field devices or reveal process logic tied to power distribution or generation equipment.
How it could be exploited
An attacker with local user credentials (a low-privilege account) on the OFS server can supply malicious input that triggers XML External Entity (XXE) injection, causing the OFS application to resolve an external entity and leak file system contents. The attacker can then read sensitive files containing device credentials, connection strings, or automation logic configurations.
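The mechanism above depends on the parser accepting a document type declaration that defines entities. As an added example (not code from Schneider Electric or from this advisory), the Python below screens a file for such declarations before it is opened on the OFS host. That the untrusted input arrives as an XML file is an assumption, and `screen_xml`, the element names and the placeholder path are constructed for illustration.

```python
# Added example: screen untrusted XML for DTD / entity declarations (CWE-611).
import xml.parsers.expat as expat

# Constructed samples; element names and the placeholder path are illustrative.
CLEAN = b'<?xml version="1.0"?><config><alias name="PLC1"/></config>'
SUSPECT = (b'<?xml version="1.0"?>\n'
           b'<!DOCTYPE config [<!ENTITY ext SYSTEM "file:///PLACEHOLDER/path">]>\n'
           b'<config>&ext;</config>')

class _StopAtRoot(Exception):
    """Raised at the root element: the prolog, where DTDs live, is finished."""

def screen_xml(data: bytes) -> list[str]:
    """Return findings; an empty list means no DOCTYPE or entity declaration."""
    findings = []
    # No ExternalEntityRefHandler is set, so expat never fetches external entities.
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE '{name}' declared")
        if system_id or public_id:
            findings.append(f"external DTD subset -> {system_id or public_id}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "parameter entity" if is_param else "entity"
        if system_id or public_id:
            findings.append(f"external {kind} '{name}' -> {system_id or public_id}")
        else:
            findings.append(f"internal {kind} '{name}'")

    def on_root(name, attrs):
        raise _StopAtRoot  # stop before content so no entity is ever expanded

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(data, True)  # expat decodes UTF-8 and BOM-marked UTF-16 itself
    except _StopAtRoot:
        pass
    except expat.ExpatError as exc:
        findings.append(f"not well-formed or unsupported encoding: {exc}")
    return findings

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("suspect", SUSPECT),
                       ("suspect/utf-16", SUSPECT.decode().encode("utf-16"))):
        print(label, "->", screen_xml(doc) or "no DTD or entity declarations")
```

Any non-empty result is a reason to hold the file for review rather than open it; parsing with expat instead of matching text means a UTF-16 re-encoding of the same document is still caught.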
Prerequisites
- Local access to the OPC Factory Server system
- Valid user account credentials (low-privilege/unprivileged user)
- User interaction required (attacker must prompt or trick user to process malicious input)
- OFS version prior to 3.63SP2
No authentication required (local user access acceptable) | Low complexity exploitation via XXE injection | Affects information confidentiality (file system read access) | Requires user interaction
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
OPC Factory Server (OFS) | <3.63SP2 | 3.63SP2
Remediation & Mitigation
Do now
HARDENING: Restrict local access to the OPC Factory Server system to authorized engineering staff; disable or restrict unprivileged local user accounts where possible
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade OPC Factory Server to version 3.63SP2 or later
Long-term hardening
HARDENING: Implement file system access controls to limit OFS service account permissions to only required directories; remove read access to sensitive credential storage or configuration directories
CVEs (1)