ICSA-21-159-04 · Published 2021-06-08
Schneider Electric IGSS
CVSS 7.8 (HIGH)
Risk Summary
Successful exploitation of these vulnerabilities may result in remote code execution, which could result in an attacker gaining access to the Windows Operating System on the machine used to import CGF and WSP files.
CVEs (13)
Remediations
- Schneider Electric recommends that users update the IGSS Definition module (Def.exe) to Version 15.0.0.21141, which includes fixes for these vulnerabilities and is available for download through IGSS Master > Update IGSS Software, or at the link above.
- If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploitation:
  - Avoid importing CGF and WSP files from untrusted sources.
- Please see Schneider Electric's publication SEVD-2021-159-01 for more information.
Affected Vendors
Schneider Electric Software, LLC
Affected Products (1)
Schneider Electric Software, LLC · IGSS Definition (Def.exe) · Versions <= 15.0.0.21140
Affected Sectors
Commercial Facilities, Critical Manufacturing, Energy