ICSA-22-090-01  ·  Published 2022-03-31  ·  View on CISA ICS-CERT ↗

Schneider Electric SCADAPack Workbench

CVSS 5.5 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could result in exfiltration of data from local files to a remote system controlled by an attacker.

CVEs (1)

Remediations

  • Schneider Electric is establishing a remediation plan for all future versions of SCADAPack Workbench that will include a fix for this vulnerability.
  • Run SCADAPack Workbench as a User, not as an Administrator, to minimize the impact of malicious code on the infected system.
  • Do not open untrusted files with SCADAPack Workbench.
  • Provide training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.
  • Employ data loss prevention tools to help mitigate risk.
  • Restrict communication from workstations running SCADAPack Workbench to external systems.
  • Ensure the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.
  • For more information, see Schneider Electric's security notification SEVD-2022-087-01.
  • For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document.

Affected Vendors

Schneider Electric Software, LLC

Affected Products (1)

Schneider Electric Software, LLC · SCADAPack Workbench <= 6.6.8a

Affected Sectors

Multiple Sectors
