Schneider Electric has released patches to address critical and high severity vulnerabilities in its StruxureWare SCADA Expert ClearSCADA and Wonderware Intelligence products, ICS-CERT informed organizations last week.
According to advisories released by both ICS-CERT and Schneider Electric, the ClearSCADA product is affected by a high severity flaw (CVE-2017-6021) that allows an attacker on the network to crash the ClearSCADA server process and communications driver by sending a specially crafted request.
The security hole, discovered by researchers at Kaspersky Lab, affects all supported versions of the SCADA product, including ClearSCADA 2014 R1 (build 75.5210), 2014 R1.1 (build 75.5387), 2015 R1 (build 76.5648) and 2015 R2 (build 77.5882).
Service packs or hotfixes were released for versions 2014 R1.1 (build 75.6239), 2015 R1.1 (build 76.6191) and 2015 R2 (build 77.6181) in December and January. Users of ClearSCADA 2013 R2 and earlier versions have been advised to update to 2015 R2.
Learn More at the 2017 Singapore ICS Cyber Security Conference
A separate advisory describes a critical severity credentials management issue (CVE-2017-5178) affecting the Tableau Server analytics software optionally available in the Wonderware Intelligence solution.
The Tableau Server software includes a default account that is not easy to configure after installation. ICS-CERT said the process of changing the default credentials for Tableau Server is not documented.
The account in question has administrative privileges, allowing an attacker to leverage it to take control of the host machine, the vendor warned.
Schneider has advised all organizations that use Wonderware Intelligence with Tableau Server versions 7.0 through 10.1.3 to update both the Tableau Server and Tableau Client (Desktop) components to version 10.1.4. It’s worth noting that only installations configured for local authentication are affected by the flaw; installations that use Active Directory are not impacted.
These are not the only vulnerabilities patched by Schneider this year. The company has also addressed security holes in homeLYnk, Wonderware Historian, StruxureWare Data Center Expert, and Conext Combox.
Related: Flaw in Schneider Industrial Firewalls Allows Remote Code Execution
Related: Security Firm Discloses Unpatched Flaws in Schneider HMI Product
Related: ICS Networks at Risk Due to Flaw in Schneider PLC Simulator
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
- Google Patches Third Chrome Zero-Day of 2023
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
Latest News
- Sysdig Introduces CNAPP With Realtime CDR
- Stay Focused on What’s Important
- VMware Plugs Critical Flaws in Network Monitoring Product
- Hackers Issue ‘Ultimatum’ Over Payroll Data Breach
- US, Israel Provide Guidance on Securing Remote Access Software
- OWASP’s 2023 API Security Top 10 Refines View of API Risks
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
