OTPulse

​​EcoStruxure™ OPC UA Server Expert​

MonitorCVSS 5.5SEVD-2023-192-02Jul 11, 2023
Schneider ElectricEnergyManufacturing
Attack path
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

A vulnerability in EcoStruxure™ OPC UA Server Expert and Modicon Communication Server allows local attackers to read arbitrary files on the system through an XML external entity (XXE) attack. The OPC UA Server Expert is a communications gateway that links Schneider Electric PLCs and devices to enterprise systems and IIoT platforms using the OPC UA standard. Exploitation requires local access and user interaction, but no authentication to the OPC UA service. Successful exploitation could disclose sensitive information including PLC connection credentials, process parameters, or system configuration details.

What this means
What could happen
An attacker with local access to a workstation running EcoStruxure OPC UA Server Expert could read sensitive configuration or operational data from the server, such as PLC connection details or process parameters.
Who's at risk
Organizations in energy and manufacturing sectors running Schneider Electric's EcoStruxure OPC UA Server Expert or Modicon Communication Server should assess their exposure. This affects server/gateway platforms that bridge PLCs and other automation devices to enterprise systems and the Industrial Internet of Things (IIoT).
How it could be exploited
An attacker with local access to the server workstation could exploit an XML external entity (XXE) vulnerability to read arbitrary files from the system. This requires the attacker to interact with the application locally (e.g., trick a user into opening a malicious file), but no authentication to the OPC UA service itself is needed.
Prerequisites
  • Local access to the EcoStruxure OPC UA Server Expert workstation
  • User interaction required (opening a malicious file or input)
  • Running vulnerable version < SV2.01 SP2
XML external entity (XXE) vulnerabilityLocal access requiredUser interaction requiredLow attack complexitySensitive data disclosure risk
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
EcoStruxure™ OPC UA Server Expert < SV2.01 SP2< SV2.01 SP2SV2.01 SP2
Modicon Communication Server< SV2.01 SP2SV2.01 SP2
Remediation & Mitigation
0/4
Do now
0/1
WORKAROUNDImplement application whitelisting or file type restrictions on the server workstation to prevent execution of untrusted files
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

Modicon Communication Server
HOTFIXUpdate Modicon Communication Server to version SV2.01 SP2 or later
All products
HOTFIXUpdate EcoStruxure OPC UA Server Expert to version SV2.01 SP2 or later
Long-term hardening
0/1
HARDENINGRestrict local access to EcoStruxure OPC UA Server Expert workstations to authorized personnel only
View full Schneider Electric advisory
API: /api/v1/advisories/0828d036-cc2e-45fe-bbc3-c454246752db

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

​​EcoStruxure™ OPC UA Server Expert​ | CVSS 5.5 - OTPulse