Schneider Electric discloses high-severity IGSS vulnerability

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Schneider Electric has released a security update for a vulnerability, tracked as CVE-2023-4516 (CVSSv3 score: 7.8), in the Update Service for the Interactive Graphical SCADA System (IGSS) product. IGSS is a state-of-the-art SCADA system that is utilised for monitoring and controlling industrial processes.

Impact

Successful exploitation of CVE-2023-4516 could allow threat actors to achieve remote code execution (RCE) on the IGSS Update Service, which would likely result in the loss of control of the SCADA system with IGSS running in production mode.

Vulnerability Detection

A security update for CVE-2023-4516 has been released by Schneider. Previous product versions therefore remain vulnerable to potential exploitation.

Affected Products

IGSS Update Service (IGSSupdateservice.exe) v16.0.0.23211 and prior.

Containment, Mitigations & Remediations

It is strongly recommended that users of the IGSS Update Service apply the version 16.0.0.23212 update. This is available for download via the Schneider Electric Security Notification.

If the update cannot be applied immediately, Schneider Electric advises that the following mitigation steps should be adhered to:

  • Disable the IGSS Update Service as an Administrator; only enable it while installing new updates
  • Read the Security Guideline for IGSS on securing an IGSS SCADA-installation
  • Verify that devices are isolated on a private network and that firewalls are configured with strict boundaries for devices that require remote access.
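
The version check and the first mitigation above can be audited per host. The following PowerShell is an added example, not code from Schneider Electric or from this bulletin; it locates the service by its binary name because the bulletin gives no service name, and it assumes the executable's file version resource matches the version numbers listed under Affected Products.

```powershell
# Added example: audit one host for the affected IGSS Update Service.
# Binary name and version numbers are taken from the bulletin.
$FixedVersion = [version]'16.0.0.23212'
$BinaryName   = 'IGSSupdateservice.exe'

# The bulletin gives no service name, so match on the service's binary path.
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -like "*$BinaryName*" })

if ($services.Count -eq 0) {
    Write-Output "No service running $BinaryName found on $env:COMPUTERNAME."
    return
}

foreach ($svc in $services) {
    # PathName may be quoted and may carry arguments; keep only the .exe path.
    $exePath = $null
    if ($svc.PathName -match '^\s*"([^"]+)"') {
        $exePath = $Matches[1]
    } elseif ($svc.PathName -match '^\s*(.+?\.exe)') {
        $exePath = $Matches[1]
    }

    # Assumption: the file version resource tracks the advisory's version numbers.
    $fileVersion = $null
    if ($exePath -and (Test-Path -LiteralPath $exePath)) {
        $vi = (Get-Item -LiteralPath $exePath).VersionInfo
        $fileVersion = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                      $vi.FileBuildPart, $vi.FilePrivatePart)
    }

    $patched = if ($fileVersion) { $fileVersion -ge $FixedVersion } else { $null }
    # The mitigation asks for the service to be disabled except while updating.
    $enabled = ($svc.StartMode -ne 'Disabled') -or ($svc.State -eq 'Running')

    $finding = if ($null -eq $patched) {
        'Version unknown: inspect manually'
    } elseif ($patched) {
        'Patched'
    } elseif ($enabled) {
        'Affected and enabled: update or disable the service'
    } else {
        'Affected but disabled: update when possible'
    }

    [pscustomobject]@{
        Host = $env:COMPUTERNAME; Service = $svc.Name; State = $svc.State
        StartMode = $svc.StartMode; FileVersion = $fileVersion; Finding = $finding
    }
}
```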

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

Schneider Electric holds a significant share of the power conversion equipment manufacturing market. Given that threat actors generally use a combination of probability and asset value to determine which attack surfaces to focus on, Schneider Electric products have become a prime target. Because these products have become integral to business operations, threat actors will continue to exploit vulnerabilities in these systems in an attempt to compromise them and extract the sensitive data they contain.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

MITRE Methodologies

Tactics:

TA0002 – Execution

Common Weakness Enumeration:

CWE-306 – Missing Authentication for Critical Function

Further Information

Schneider Electric Security Notification

 
