OTPulse
FeedAboutContact

Foxboro SCADA

Low RiskSEVD-2023-164-03Jun 13, 2023
Summary

A vulnerability in the AVEVA InTouch component included in Foxboro SCADA allows cleartext information stored in memory to be read, potentially leaking sensitive data including passwords.

What this means
What could happen
An attacker with access to a Foxboro SCADA system could extract passwords and other sensitive credentials from system memory, allowing further compromise of the SCADA platform and connected industrial control equipment.
Who's at risk
Electric utilities and water authorities using Foxboro SCADA software for remote monitoring and control should care. The vulnerability affects all versions of Foxboro SCADA that include the AVEVA InTouch component, which is commonly used in energy sector SCADA deployments for plant monitoring, alarm management, and operator interface.
How it could be exploited
An attacker with network or physical access to a Foxboro SCADA workstation can read cleartext credentials stored in the InTouch component's memory. This enables the attacker to obtain engineering workstation credentials or system passwords, which can then be used to reconfigure setpoints, disable alarms, or disable safety interlocks on connected equipment.
Prerequisites
  • Local or network access to a Foxboro SCADA workstation running the vulnerable AVEVA InTouch component
  • Ability to execute code or attach a debugger on the affected system
  • No authentication required to read memory contents
no patch availablecredentials exposurememory disclosureaffects SCADA platform
Affected products (1)
ProductAffected VersionsFix Status
Foxboro SCADA All versionsAll versionsNo fix (EOL)
Remediation & Mitigation
0/6
Do now
0/4
HARDENINGIsolate Foxboro SCADA and control system networks behind firewalls, separate from business networks and the Internet
HARDENINGRestrict physical access to SCADA workstations and controllers; keep controllers out of 'Program' mode when not in active use
HARDENINGNever connect Foxboro programming software to any network other than the isolated control system network
HARDENINGPrevent mobile devices that have connected to other networks from accessing SCADA systems without prior sanitization
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGScan all removable media (USB drives, CDs) with antivirus before use on SCADA networks
Mitigations - no patch available
0/1
Foxboro SCADA All versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGIf remote access is required for engineering or support, use secure VPN methods and keep VPN software updated
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/8ddc5f9a-60cf-45fe-be52-ea2ed8d308ef