ICSA-21-259-02 · Published 2021-09-16
Schneider Electric EcoStruxure and SCADAPack
CVSS 7.8 (HIGH)
Risk Summary
Successful exploitation of this vulnerability could result in code execution on the engineering workstation.
CVEs (1)
Remediations
- Store project files in a secure storage location and limit access to the files to only trusted users.
- When exchanging the files over the network, use secure communication protocols.
- Harden the workstations running EcoStruxure Control Expert, EcoStruxure Process Expert, or SCADAPack RemoteConnect.
- Compute a checksum on all project files and check the consistency of the checksum to verify the integrity before usage.
- Start the software without administrator rights to prevent extracted files from being copied into critical system folders.
- Users still using Unity Pro should strongly consider migrating to EcoStruxure Control Expert. Please contact the local Schneider Electric technical support for more information.
- To stay informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric's security notification service.
Affected Vendors
Schneider Electric Software, LLC
Affected Products (3)
- Schneider Electric Software, LLC · EcoStruxure Process Expert · vers:all/*
- Schneider Electric Software, LLC · SCADAPack RemoteConnect for x70 · vers:all/*
- Schneider Electric Software, LLC · EcoStruxure Control Expert · vers:all/*
Affected Sectors
Commercial Facilities, Energy, Food and Agriculture, Government Facilities, Transportation Systems, Water and Wastewater Systems