Schneider Electric IGSS

Risk Summary

Successful exploitation of these vulnerabilities could result in a denial-of-service condition, as well as the loss, addition, or modification of dashboards or report files in the IGSS Report folder. Successful exploitation of these vulnerabilities could also allow remote code execution, potentially resulting in loss of control of the supervisory control and data acquisition (SCADA) System with IGSS running in production mode.

CVEs (8)

Remediations

• Version 16.0.0.23041 of IGSS Data Server, Dashboard and Custom Reports (RMS) includes corrections and mitigations for these vulnerabilities and is available for download through IGSS Master > Update IGSS Software; the update is also available directly from Schneider Electric.
• Schneider Electric recommends that users use appropriate patching methodologies when applying these patches to their systems. Schneider Electric recommends the use of back-ups and impact evaluating these patches in a test, development, or offline infrastructure environment, is strongly recommended. Users can contact Schneider Electric’s Customer Care Center for additional assistance.
• Additionally, if patching is not feasible, Schneider Electric recommends the following mitigations to reduce the risk of vulnerability exploitation:
• Read the Security Guideline for IGSS on securing an IGSS SCADA-installation.
• Ensure that the System Configuration module under Files, automatic backup is enabled for file backup.
• Strip report output from Excel output. In the System Configuration module under Reports, stripping of macros for the output engine can be enabled, reducing the risk of distributing an unsafe report.
• Verify that devices are isolated on a private network and that firewalls are configured with strict boundaries for devices that require remote access.Schneider Electric strongly recommends the following industry cybersecurity best practices.
• Locate control and safety system networks and remote devices behind firewalls, and isolate them from the business network.
• Install physical controls to help prevent unauthorized users from accessing industrial control and safety systems, components, peripheral equipment, and networks.
• Place all controllers in locked cabinets, and do not leave them in the “Program” mode.
• Only connect programming software to the network intended for that device.
• Scan all methods of mobile data exchange with the isolated network before use in the terminals or nodes connected to these networks.
• Properly sanitize mobile devices that have connected to another network before connecting to the intended network.
• Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the internet.
• When remote access is required, use secure methods, such as virtual private networks (VPNs).
• For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document.
• For more information, see Schneider Electric security notification SEVD-2023-073-04.

Affected Vendors

Affected Products (3)

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy