ICSA-19-290-01 · Published 2019-12-19
AVEVA Vijeo Citect and Citect SCADA (Update A)
CVSS 7.5 (HIGH)
Risk Summary
The IEC870IP driver for AVEVA's Vijeo Citect and Citect SCADA and Schneider Electric's Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash.
CVEs (1)
Remediations
- Vijeo Citect and Citect SCADA users using the IEC870IP driver v4.14.02 and prior are affected and should upgrade to the IEC870IP driver v4.15.00 (sign in required) as soon as possible.
- For additional information please see AVEVA Security Bulletin LFSEC00000139.
- For information on how to reach AVEVA support, please refer to this link (sign in required): AVEVA Software Global Customer Support.
- Power SCADA Operation users of the IEC870IP driver v4.14.02 and prior are affected and should upgrade to the IEC870IP driver v4.15.00 as soon as possible.
- For additional information please see Schneider Electric's security notification SEVD-2019-344-04.
- For further information related to cybersecurity in Schneider Electric's products, please visit the company's cybersecurity webpage at: Schneider Electric Cybersecurity.
Affected Vendors
AVEVA Software, LLC and Schneider Electric Software, LLC
Affected Products (1)
AVEVA Software, LLC and Schneider Electric Software, LLC · IEC870IP driver <= 4.14.02
Affected Sectors
Energy