ICSA-25-028-06 · Published 2026-01-29
Schneider Electric RemoteConnect and SCADAPack x70 Utilities (Update A)
CVSS 7.8 (HIGH)
CVEs (1)
Remediations
- Version R3.4.2 RemoteConnect configuration software includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/download/document/RemoteConnect/
- If customers choose not to apply the remediation provided above, they should immediately apply the mitigations listed below to reduce the risk of exploit.
- Schneider Electric is establishing a remediation plan for all future versions of Security Administrator configuration software that will include a fix for this vulnerability. We will update this document when the remediation is available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:
  - Only open project files received from a trusted source.
  - Compute a hash of the project files and regularly check the consistency of this hash to verify the integrity before usage.
  - Encrypt project files when stored and restrict access to only trusted users.
  - When exchanging files over the network, use secure communication protocols.
  - Follow the SCADAPack™ Security Guidelines.
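One way to carry out the hash mitigation above, as an added example that is not part of the advisory or Schneider Electric's tooling: record a SHA-256 baseline for a project directory, store it outside that directory, and compare before opening any file. The `.project` file names and directory layout are constructed placeholders, not the real RemoteConnect file format.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file so large project archives do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def record_baseline(project_dir: Path, manifest: Path) -> dict:
    """Hash every file under project_dir and write the manifest (keep it elsewhere)."""
    hashes = {p.relative_to(project_dir).as_posix(): sha256_file(p)
              for p in sorted(project_dir.rglob("*")) if p.is_file()}
    manifest.write_text(json.dumps(hashes, indent=2))
    return hashes


def verify(project_dir: Path, manifest: Path) -> dict:
    """Compare current files with the baseline; any non-empty list means do not open."""
    baseline = json.loads(manifest.read_text())
    current = {p.relative_to(project_dir).as_posix(): sha256_file(p)
               for p in sorted(project_dir.rglob("*")) if p.is_file()}
    return {
        "modified": sorted(n for n in baseline if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "unexpected": sorted(n for n in current if n not in baseline),
    }


def demo() -> tuple:
    """Constructed sample: two placeholder project files, one altered after baselining."""
    with tempfile.TemporaryDirectory() as tmp:
        projects = Path(tmp) / "projects"
        projects.mkdir()
        manifest = Path(tmp) / "baseline.json"  # assumption: stored outside the project directory
        (projects / "station_a.project").write_bytes(b"constructed project A")
        (projects / "station_b.project").write_bytes(b"constructed project B")
        record_baseline(projects, manifest)
        clean = verify(projects, manifest)
        (projects / "station_b.project").write_bytes(b"tampered content")
        (projects / "dropped.project").write_bytes(b"file not in baseline")
        return clean, verify(projects, manifest)
```

The baseline only helps if it is written from files obtained from a trusted source and kept where a user who can modify the project files cannot also rewrite the manifest.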
Affected Vendors
Schneider Electric
Affected Products (3)
- Schneider Electric · RemoteConnect and SCADAPack™ x70 Utilities - RemoteConnect · vers:generic/<R3.4.2
- Schneider Electric · RemoteConnect and SCADAPack™ x70 Utilities - Security Administrator · vers:all/*
- Schneider Electric · RemoteConnect configuration software · R3.4.2
Affected Sectors
Energy, Critical Manufacturing