ICSA-18-144-01  ·  Published 2018-05-24  ·  View on CISA ICS-CERT ↗

Schneider Electric Floating License Manager

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could cause a denial of service, allow arbitrary execution of code with system level privileges, or send users to arbitrary websites.

Remediations

  • Schneider Electric recommends that users of affected Citect and PlantStruxure products download and install the new version of the software.
  • Users of EcoStruxure Modicon Builder V3.0 should download and use the new version (V3.1).
  • StruxureWare 7.2.x users should upgrade to Version 7.2.2 and apply the Floating License Manager (FLM) patch.
  • EcoStruxure/StruxureWare Power Monitoring Expert and Power SCADA Operations users need to upgrade to Version 8.2.
  • Schneider Electric has also released security notifications which contain further details and upgrade

Affected Vendors

Schneider Electric Software, LLC

Affected Products (12)

Schneider Electric Software, LLC · EcoStruxure Modicon Builder <= 3.0
Schneider Electric Software, LLC · EcoStruxure Power Monitoring Expert 8.2 (Standard DC HC Editions)
Schneider Electric Software, LLC · SCADA Expert Vijeo Citect / CitectSCADA 7.30 | 7.40
Schneider Electric Software, LLC · Energy Expert 1.x (formerly Power Manager)
Schneider Electric Software, LLC · EcoStruxure Power SCADA Operations 8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module)
Schneider Electric Software, LLC · StruxureWare Power Monitoring Expert 7.2.x
Schneider Electric Software, LLC · Vijeo Historian/CitectHistorian 4.40 | 4.50
Schneider Electric Software, LLC · StruxureWare Power Monitoring Expert 8.1 (Standard DC HC Editions)
Schneider Electric Software, LLC · PlantStruxure PES <=8.1 (Standard DC HC Editions)
Schneider Electric Software, LLC · StruxureWare Power Monitoring Expert 8.0 (Standard DC HC Buildings Editions)
Schneider Electric Software, LLC · CitectSCADA 2015 | 2016
Schneider Electric Software, LLC · CitectHistorian 2016

Affected Sectors

Commercial Facilities, Energy, Food and Agriculture, Government Facilities, Transportation Systems, Water and Wastewater Systems
