Cybersecurity specialists reported finding at least six vulnerabilities in IGSS SCADA, the automation software for multi-process monitoring and control developed by Schneider Electric. According to the report, successful exploitation of these vulnerabilities would allow remote code execution on vulnerable systems, among other attack variants.
Below are brief descriptions of the reported flaws, along with their respective scores under the Common Vulnerability Scoring System (CVSS). Note that the flaws do not yet have CVE identifiers assigned.
1) This flaw exists due to a boundary error when processing files in CGF format. Remote threat actors can create specially crafted CGF files, have the victim open these files using the affected software and execute arbitrary code on the target system.
This is a high-severity vulnerability that received a CVSS score of 8/10, according to the cybersecurity report.
2) A boundary error when processing CGF files would allow remote attackers to create specially crafted CGF files and send them to the victim in order to trigger a stack-based buffer overflow.
The flaw received a score of 8.1/10 and its successful exploitation would allow malicious hackers to execute code remotely on the target system.
3) A boundary error when processing CGF files would allow malicious hackers to create specially crafted CGF files to trigger a buffer overflow on the target system and execute arbitrary code.
This flaw received a CVSS score of 8.1/10.
4) The flaw exists due to a boundary error when processing CGF files. Threat actors can create specially crafted files to trick victims and execute arbitrary code on the target system.
This out-of-bounds write vulnerability received a CVSS score of 8.1/10.
5) This vulnerability exists due to errors when processing CGF files. Threat actors could take advantage of these errors by sending specially crafted files to exposed users and triggering an out-of-bounds write, leading to arbitrary code execution on the target system.
The vulnerability received a score of 8.1/10 on the CVSS scale.
6) The last reported flaw exists due to a boundary condition when processing CGF files. Remote threat actors can create specially crafted files with which they can trigger an out-of-bounds read error and access potentially sensitive information on the attacked system.
The flaw received a score of 2.9/10, so it is considered a low-severity flaw.
The reported flaws reside in the following versions of Schneider Electric IGSS SCADA: 2, 4.1, 5, 5.1, 6, 7, 8, 9, 10, 11, 12, 13, 13.0.0.19140, 14, 14.0.0.19120, 14.0.0.20009, 14.0.0.20247 and 14.0.0.20248.
While cybersecurity experts mention that the vulnerabilities could be exploited remotely by unauthenticated threat actors, no active exploitation attempts or malware variants associated with the attack have been reported. Security patches are now available, and Schneider Electric recommends upgrading as soon as possible.