ICSA-20-084-02
·
Published 2020-03-24
·
View on CISA ICS-CERT ↗
Schneider Electric IGSS SCADA Software
CVSS 7.8
HIGH
Risk Summary
Successful exploitation of these vulnerabilities could result in unauthorized access to sensitive data and functions.
CVEs (2)
Remediations
- Schneider Electric has provided IGSS14 Version 14.0.0.20009 to address these vulnerabilities. Users are recommended to update to IGSS Version 14.
- Alternatively, the following workarounds and mitigations can be applied to reduce risk:
- Disable the IGSS Update service when it is not required installing updates using the service.
- Keep the infrastructure offline and do not allow Windows login and network access for untrusted people and sources.
- For more information, see the Schneider Electric security notification.
Affected Vendors
Schneider Electric Software, LLC
Affected Products (1)
Schneider Electric Software, LLC
·
IGSS (Interactive Graphical SCADA System)
<= 14
Affected Sectors
Commercial Facilities, Critical Manufacturing, Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more