Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Schneider Electric Patches Flaws in ClearSCADA, Wonderware Products

Schneider Electric has released patches to address critical and high severity vulnerabilities in its StruxureWare SCADA Expert ClearSCADA and Wonderware Intelligence products, ICS-CERT informed organizations last week.

Schneider Electric has released patches to address critical and high severity vulnerabilities in its StruxureWare SCADA Expert ClearSCADA and Wonderware Intelligence products, ICS-CERT informed organizations last week.

According to advisories released by both ICS-CERT and Schneider Electric, the ClearSCADA product is affected by a high severity flaw (CVE-2017-6021) that allows an attacker on the network to crash the ClearSCADA server process and communications driver by sending a specially crafted request.

The security hole, discovered by researchers at Kaspersky Lab, affects all supported versions of the SCADA product, including ClearSCADA 2014 R1 (build 75.5210), 2014 R1.1 (build 75.5387), 2015 R1 (build 76.5648) and 2015 R2 (build 77.5882).

Service packs or hotfixes were released for versions 2014 R1.1 (build 75.6239), 2015 R1.1 (build 76.6191) and 2015 R2 (build 77.6181) in December and January. Users of ClearSCADA 2013 R2 and earlier versions have been advised to update to 2015 R2.

Learn More at the 2017 Singapore ICS Cyber Security Conference

A separate advisory describes a critical severity credentials management issue (CVE-2017-5178) affecting the Tableau Server analytics software optionally available in the Wonderware Intelligence solution.

The Tableau Server software includes a default account that is not easy to configure after installation. ICS-CERT said the process of changing the default credentials for Tableau Server is not documented.

The account in question has administrative privileges, allowing an attacker to leverage it to take control of the host machine, the vendor warned.

Advertisement. Scroll to continue reading.

Schneider has advised all organizations that use Wonderware Intelligence with Tableau Server versions 7.0 through 10.1.3 to update both the Tableau Server and Tableau Client (Desktop) components to version 10.1.4. It’s worth noting that only installations configured for local authentication are affected by the flaw; installations that use Active Directory are not impacted.

These are not the only vulnerabilities patched by Schneider this year. The company has also addressed security holes in homeLYnk, Wonderware Historian, StruxureWare Data Center Expert, and Conext Combox.

Related: Flaw in Schneider Industrial Firewalls Allows Remote Code Execution

Related: Security Firm Discloses Unpatched Flaws in Schneider HMI Product

Related: ICS Networks at Risk Due to Flaw in Schneider PLC Simulator

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

DARPA veteran Dan Kaufman has joined Badge as SVP, AI and Cybersecurity.

Kelly Shortridge has been promoted to VP of Security Products at Fastly.

After the passing of Amit Yoran, Tenable has appointed Steve Vintz and Mark Thurmond as co-CEOs.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.