ICSA-13-350-01A  ·  Published 2025-06-06

Schneider Electric CitectSCADA Products Exception Handler Vulnerability (Update A)

CVSS 7.8 HIGH

CVEs (1)

Remediations

  • Some customers may have experienced a crash after applying the “security & quality fix” released on December 16, 2013. Schneider Electric has determined that the problem is within the quality portion of the fix. They have removed the quality fix from the release and have issued a new patch containing only the security update for this vulnerability.
  • Schneider Electric has developed a cumulative patch that addresses the above security issue as well as a separate quality issue. These patches are available for all affected products:
      • HF740RTM60777.1 for SCADA Expert Vijeo Citect v7.40 (http://www.citect.schneider-electric.com/se-vjc-HF740RTM607771)
      • HF730SP160775.1 for Vijeo Citect v7.30 SP1 (http://www.citect.schneider-electric.com/vc-HF730SP1607751)
      • HF720SP460769.1 for Vijeo Citect v7.20 SP4 (http://www.citect.schneider-electric.com/vc-HF720SP4607691)
      • HF740RTM60777.1 for CitectSCADA v7.40 (http://www.citect.schneider-electric.com/cs-HF740RTM607771)
      • HF730SP160775.1 for CitectSCADA v7.30 SP1 (http://www.citect.schneider-electric.com/cs-HF730SP1607751)
      • HF720SP460769.1 for CitectSCADA v7.20 SP4 (http://www.citect.schneider-electric.com/cs-HF720SP4607691)
      • HF730SP1608004 for PowerSCADA Expert v7.30 SR1 (http://www.citect.schneider-electric.com/pse-HF730SP160804)
      • HF720SP460803 for PowerLogic SCADA v7.20 SR1 (http://www.citect.schneider-electric.com/pls-HF720SP460803)
  • Schneider Electric recommends that all customers using the affected software packages listed above download and apply the relevant patch. They have published a notification that gives more detail about this security issue and a quality issue not discussed here. Customers with access may find it here: (http://www.citect.schneider-electric.com/security-DoS)
  • SCADA Expert Vijeo Citect or CitectSCADA customers may contact the SCADA & MES Software Global Support Centre for more information at the following location: (http://www.citect.schneider-electric.com/contact-support)
  • PowerSCADA Expert or PowerLogic SCADA customers may contact their local country support organization at the following locations: (http://www2.schneider-electric.com/sites/corporate/en/support/support.page) or (http://www.schneider-electric.com/sites/corporate/en/support/operations/local-operations/local-operations.page)

Affected Vendors

Schneider Electric

Affected Products (5)

Schneider Electric · StruxureWare SCADA Expert Vijeo Citect v7.40
Schneider Electric · Vijeo Citect >=v7.20|<v7.30SP1
Schneider Electric · CitectSCADA >=v7.20|<v7.30SP1
Schneider Electric · StruxureWare PowerSCADA Expert >=v7.30|<v7.30SR1
Schneider Electric · PowerLogic SCADA >=v7.20|<v7.20SR1
