ICSA-21-285-03  ·  Published 2021-10-12  ·  CISA ICS-CERT

Schneider Electric IGSS

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain code execution, read/delete files, and create arbitrary files.

Remediations

  • Schneider Electric recommends users update to Version 15.0.0.21244 of the IGSS DC module. Please note that dc.exe includes fixes for these vulnerabilities and is available for download through IGSS Master > Update IGSS Software or at the IGSS update link.
  • Users should employ appropriate patching methodologies. Schneider Electric strongly recommends the use of backups as well as an evaluation of the impact of these patches in a test and development environment or an offline infrastructure. Contact Schneider Electric's Customer Care Center if you need assistance removing a patch.
  • If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
      • Only accept incoming connections from machines whose names have been added as a station in the IGSS System Configuration module, by setting the registry value “MatchWinName” to 1 under “HKEY_CURRENT_USER\SOFTWARE\SchneiderElectric\IGSS32\V15.00.00\DC_HKLM\”.
      • Follow the general security recommendations below and verify devices are isolated on a private network and firewalls are configured with strict boundaries for devices that require remote access.
  • For more information see Schneider Electric's security notification: SEVD-2021-285-03
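The following PowerShell script is an added example, not code from the advisory or from Schneider Electric: it audits one IGSS host for the two controls above, the dc.exe file version against the fixed build 15.0.0.21244 and the MatchWinName registry value, and optionally applies the MatchWinName mitigation. The dc.exe path (`$DcExePath`) and the REG_DWORD type of MatchWinName are assumptions; the advisory states neither.

```powershell
# Added example (not from the advisory or Schneider Electric): audits one IGSS host
# against ICSA-21-285-03. Assumptions: dc.exe lives at $DcExePath (its location is
# not given in the advisory) and MatchWinName is stored as a REG_DWORD.
param(
    [string]$DcExePath = 'C:\Path\To\IGSS\dc.exe',   # placeholder; adjust per install
    [switch]$Remediate                                 # set MatchWinName=1 if it is not already
)

$FixedVersion = [version]'15.0.0.21244'                # first fixed dc.exe build per the advisory
$KeyPath      = 'HKCU:\SOFTWARE\SchneiderElectric\IGSS32\V15.00.00\DC_HKLM'

# 1. Patch state: compare the file version of dc.exe with the fixed version.
if (Test-Path -LiteralPath $DcExePath) {
    $vi = (Get-Item -LiteralPath $DcExePath).VersionInfo
    $installed = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    if ($installed -ge $FixedVersion) {
        Write-Output "OK      dc.exe $installed is at or above fixed version $FixedVersion"
    } else {
        Write-Output "EXPOSED dc.exe $installed is affected; update to $FixedVersion"
    }
} else {
    Write-Output "UNKNOWN dc.exe not found at $DcExePath"
}

# 2. Mitigation state: MatchWinName=1 restricts incoming connections to configured stations.
#    The value lives under HKEY_CURRENT_USER, so run this as the account that runs the Data Collector.
$current = (Get-ItemProperty -Path $KeyPath -Name MatchWinName -ErrorAction SilentlyContinue).MatchWinName
if ($current -eq 1) {
    Write-Output "OK      MatchWinName is 1"
} elseif ($Remediate) {
    if (-not (Test-Path -Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    Set-ItemProperty -Path $KeyPath -Name MatchWinName -Value 1 -Type DWord
    Write-Output "FIXED   MatchWinName set to 1 (was '$current')"
} else {
    Write-Output "EXPOSED MatchWinName is '$current'; re-run with -Remediate or set it to 1"
}
```

Run it without `-Remediate` first to see the audit result; an `EXPOSED` line on the version check means the mitigation is a stopgap until dc.exe is updated.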

Affected Vendors

Schneider Electric Software, LLC

Affected Products (1)

Schneider Electric Software, LLC · IGSS Data Collector (dc.exe) <= 15.0.0.21243

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy
