ICSA-20-324-04 · Published 2020-11-17 · View on CISA ICS-CERT ↗

Schneider Electric Interactive Graphical SCADA System (IGSS)

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities may result in remote code execution.

CVE-2020-7550 CVE-2020-7551 CVE-2020-7552 CVE-2020-7553 CVE-2020-7554 CVE-2020-7555 CVE-2020-7556 CVE-2020-7557 CVE-2020-7558

Schneider Electric has provided a new version of the IGSS Definition module to address these vulnerabilities. Users are recommended to update to IGSS Version 14.0.0.20248
Avoid importing CGF files from untrusted sources
Users should also consider upgrading to the latest product offering IGSS v15 to resolve this issue.
For more information, see Schneider Electric security notification SEVD-2020-315-03

Schneider Electric Software, LLC

Schneider Electric Software, LLC · IGSS Definition (Def.exe) <= 14.0.0.20247

Commercial Facilities, Critical Manufacturing, Energy

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.