ICSA-17-187-04
·
Published 2017-07-06
·
View on CISA ICS-CERT ↗
Schneider Electric Wonderware ArchestrA Logger
CVSS 9.8
CRITICAL
Risk Summary
ATTENTION: Remotely exploitable/low skill level to exploit.
CVEs (3)
Remediations
- Schneider Electric recommends that users of any Wonderware, Avantis, SimSci, or Skelta product that installs the Wonderware ArchestrA Logger version 2017.426.2307.1 or prior should apply the Wonderware ArchestrA Logger Security Patch v2017.517.2328.1 as soon as possible.
- Wonderware ArchestrA Logger Security Patch v2017.517.2328.1 (requires login): https://gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22429
- For more information about this vulnerability and patch, please refer to Schneider Electric Security Bulletin LFSec00000116, which is available at the following location:
Affected Vendors
Schneider Electric Software, LLC
Affected Products (1)
Schneider Electric Software, LLC
·
Wonderware ArchestrA Logger
<= 2017.426.2307.1
Affected Sectors
Critical Manufacturing, Dams, Defense Industrial Base, Energy, Food and Agriculture, Government Facilities, Nuclear Reactors, Materials, and Waste, Transportation Systems, Water and Wastewater Systems
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more