ICSA-25-037-02  ·  Published 2026-04-02

Schneider Electric EcoStruxure (Update D)

CVSS 7.8 HIGH

CVEs (1)

Remediations

  • Version 16.2 of EcoStruxure™ Control Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/ Reboot the computer after installation is completed.
  • Version V7.0.18 of EcoStruxure™ Architecture Builder includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/195445393-ecostruxure-architecture-builder/#software-and-firmware
  • Version V4.0SP1 of EcoStruxure™ Control Expert Asset Link includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/download/document/ECALV40SP1/
  • Version V6.3SP1 HF1 of Vijeo Designer includes a fix for this vulnerability. Please contact your Schneider Electric Customer Support https://www.se.com/ww/en/work/support/country-selector/contact-us.jsp to get Vijeo Designer version V6.3SP1 HF1 software.
  • Schneider Electric is establishing a remediation plan for all future versions of the following that will include a fix for this vulnerability:
      • EcoStruxure™ Process Expert
      • EcoStruxure™ OPC UA Server Expert
      • EcoStruxure™ Machine SCADA Expert - Asset Link
      • EcoStruxure™ Operator Terminal Expert
      • EcoStruxure™ Machine Expert including EcoStruxure™ Machine Expert Safety
      • EcoStruxure™ Machine Expert Twin
      • Zelio Soft 2
    We will update this document when the remediation is available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:
      • Limit authenticated user access to the workstation and implement existing User Account Control practices.
      • Follow workstation, network and site-hardening guidelines in the Recommended Cybersecurity Best Practices guide available for download here: https://www.se.com/ww/en/download/document/7EN52-0390/?ssr=true
  • If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
      • Limit authenticated user access to the workstation and implement existing User Account Control practices.
      • Follow workstation, network and site-hardening guidelines in the Recommended Cybersecurity Best Practices guide available for download here.
  • Version 2023 (v4.8.0.5715) of EcoStruxure™ Process Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-country-selector/?pageType=product-range&sourceId=65406 Uninstall previous version 2023 (v4.8.0.5115) before installing Version 2023 (v4.8.0.5715). The version string can be found on the engineering server console.
  • Version 2023 (v4.8.0.5715) of EcoStruxure™ Process Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-country-selector/?pageType=product-range&sourceId=65406
  • Version 4.0 of EcoStruxure™ Operator Terminal Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/62621-ecostruxure-operator-terminal-expert/#software-and-firmware
  • Version 4.0 of Pro-face BLUE includes a fix for this vulnerability and is available for download here: https://www.proface.com/en/hmi_design_studio/blue/page/installer
  • Version 5.4.3 of Zelio Soft 2 includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/542-zelio-soft/#software-and-firmware
  • Version SV2.01SP3 of EcoStruxure™ OPC UA Server Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/66388-ecostruxure-opc-ua-server-expert/#software-and-firmware
  • Version v2.5.0.1 of EcoStruxure™ Machine Expert includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/
  • Version v2.3 of EcoStruxure™ Machine Expert Twin includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/

Affected Vendors

Schneider Electric

Affected Products (26)

Schneider Electric · EcoStruxure™ Control Expert <16.2
Schneider Electric · EcoStruxure™ Process Expert <2023_v4.8.0.5715
Schneider Electric · EcoStruxure™ OPC UA Server Expert <SV2.01SP3
Schneider Electric · EcoStruxure™ OPC UA Server Expert SV2.01SP3
Schneider Electric · EcoStruxure™ Control Expert Asset Link <4.0_SP1
Schneider Electric · EcoStruxure™ Machine SCADA Expert Asset Link vers:all/*
Schneider Electric · EcoStruxure™ Architecture Builder <7.0.18
Schneider Electric · EcoStruxure™ Operator Terminal Expert <4.0
Schneider Electric · Vijeo Designer <6.3SP1_HF1
Schneider Electric · EcoStruxure™ Machine Expert vers:intdot/<2.5.0.1
Schneider Electric · EcoStruxure™ Machine Expert 2.5.0.1
Schneider Electric · EcoStruxure™ Machine Expert Twin vers:intdot/<2.3
Schneider Electric · EcoStruxure™ Machine Expert Twin 2.3
Schneider Electric · Zelio Soft 2 <5.4.3
Schneider Electric · Zelio Soft 2 5.4.3
Schneider Electric · EcoStruxure™ Control Expert 16.2
Schneider Electric · EcoStruxure™ Architecture Builder 7.0.18
Schneider Electric · EcoStruxure™ Control Expert Asset Link 4.0SP1
Schneider Electric · Vijeo Designer 6.3SP1_HF1
Schneider Electric · EcoStruxure™ Process Expert for AVEVA System Platform vers:all/*
Schneider Electric · EcoStruxure™ Process Expert 2023 2023_v4.8.0.5715
Schneider Electric · Pro-face BLUE <4.0
Schneider Electric · Pro-face BLUE 4.0
Schneider Electric · EcoStruxure™ Operator Terminal Expert 4.0
Schneider Electric · EcoStruxure™ Process Expert <2023
Schneider Electric · EcoStruxure™ Machine Expert Safety vers:all/*

Affected Sectors

Commercial Facilities, Energy, Food and Agriculture, Government Services and Facilities, Transportation Systems, Water and Wastewater
