OTPulse
FeedAboutContact

EcoStruxure Foxboro SCADA FoxRTU Station

Plan Patch7.3SEVD-2024-191-03Jul 9, 2024
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionRequired
Summary

A path traversal vulnerability (CWE-22) in EcoStruxure Foxboro SCADA FoxRTU Station prior to version 9.3.0 allows local code execution. FoxRTU Station is a software tool used on engineering workstations to configure, diagnose, and manage the SCD2200 Remote Terminal Unit. Successful exploitation requires local access and user interaction (opening a malicious project file) but could result in arbitrary code execution on the RTU, enabling unauthorized modification of SCADA configurations, logic, and setpoints, or denial of service.

What this means
What could happen
An attacker with local access to an engineering workstation could execute arbitrary code on the FoxRTU Station, potentially allowing them to modify RTU configurations, alter setpoints, or disrupt SCADA operations controlling remote equipment.
Who's at risk
Energy sector operators managing SCD2200 Remote Terminal Units via EcoStruxure Foxboro SCADA systems should review this advisory. FoxRTU Station is used on engineering workstations for configuration and diagnostics of RTUs that control remote SCADA equipment in generation, transmission, and distribution systems.
How it could be exploited
An attacker with local access to a FoxRTU Station engineering workstation can exploit a path traversal vulnerability (CWE-22) in project file handling to execute arbitrary code. This requires user interaction to open a malicious project file, but once successful grants full control over RTU configuration and logic.
Prerequisites
  • Local access to engineering workstation running FoxRTU Station
  • User must open a malicious or compromised project file
  • FoxRTU Station version prior to 9.3.0
  • User interaction required (opening a file)
Local access requiredUser interaction needed (file opening)Allows code execution on RTU control softwareAffects SCADA configuration management
Exploitability
Moderate exploit probability (EPSS 4.5%)
Affected products (1)
ProductAffected VersionsFix Status
FoxRTU Station prior to v9.3.0<9.3.09.3.0
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGEncrypt and password-protect FoxRTU project files using the security procedures in User Guide B0780AE rev. P Chapter 12
HARDENINGRestrict local access to engineering workstations running FoxRTU Station to authorized personnel only
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade FoxRTU Station to version 9.3.0 or later
Long-term hardening
0/1
HARDENINGImplement file integrity monitoring on FoxRTU project files to detect unauthorized modifications
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/6fc3f691-88a2-4bb7-b0e8-fd887eddcbb5