CVSS v2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK; Attack Complexity: LOW; Authentication: NONE
Confidentiality Impact: COMPLETE; Integrity Impact: COMPLETE; Availability Impact: COMPLETE
AI Score: 6.8 Medium (Confidence: High)
EPSS: 0.701 High (Percentile: 98.0%)
Independent researcher Aaron Portnoy of Exodus Intelligence has identified a buffer overflow vulnerability in Schneider Electric’s Interactive Graphical SCADA System (IGSS) application. Schneider Electric has produced a patch that fully resolves this vulnerability. Aaron Portnoy has validated this patch. This vulnerability could be exploited remotely.
The Schneider Electric products affected:
An exploit of this vulnerability could result in a buffer overflow that could possibly allow an attacker to execute code under administrator credentials. IGSS is employed in many sectors including renewable energy, process control, monitoring and control, motor controls, lighting controls, electrical distribution, and security systems.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.
Schneider Electric is a US-based company that maintains offices in 190 countries worldwide. Their products address various markets including renewable energy, process control, monitoring and control, motor controls, lighting controls, electrical distribution, and security systems.
IGSS is a desktop application that is used to integrate industrial control system (ICS) components from diverse vendors using diverse sets of protocols and integrate their configuration and monitoring functions using IGSS as a single supervisory or human-machine interface (HMI) system. This software is employed worldwide in a broad range of application areas outside those market areas listed above.
Vulnerabilities are classified by Common Weakness Enumeration (CWE). This stack-based buffer overflow is classified as CWE-121.
IGSS communicates with a broad range of ICS devices using a broad range of protocols over two network ports, Ports 12397/TCP and 12399/TCP by default. It has been found that out-of-protocol communication over Port 12397/TCP can cause a buffer overflow condition. Although this overflow can cause the application to crash, an attacker can also apply techniques to take advantage of the buffer overflow and likely execute malicious code with administrator privileges.
CVE-2013-0657 has been assigned to this vulnerability. A CVSS v2 base score of 10.0 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:C/I:C/A:C).
This vulnerability can be exploited remotely.
No known public exploits specifically target this vulnerability.
An attacker with moderate skill would be able to exploit this vulnerability.
The best mitigation for this vulnerability is applying the appropriate vendor-supplied patch listed in the footnotes below.
If this vulnerability is not mitigated, a remote attacker could cause a buffer overflow and allow malicious code to be executed with administrator privileges.
Schneider Electric has issued two patches for versions V9 and V10 of the IGSS software to address this vulnerability. These patches are available from the Schneider Electric Web site or directly from the links in this advisory. Aaron Portnoy of Exodus Intelligence has validated the patches.
Users of this software with older versions should upgrade their software or employ other mitigation methods. At a minimum, this port should be filtered to only allow access from the specific IP addresses for the devices being controlled or monitored. General measures listed below can also be employed to help mitigate this vulnerability.
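One way to check that the port filtering described above is actually in effect, as an added example that is not part of the original advisory: the script audits firewall log lines for accepted connections to Port 12397/TCP from sources outside the device allowlist. The log format, the allowlist addresses and the sample lines are constructed assumptions.

```python
import ipaddress
import re

# Port the advisory names as the overflow's entry point (IGSS default).
IGSS_PORT = 12397
# Assumed allowlist: the devices IGSS controls or monitors (constructed).
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("10.20.0.10/32", "10.20.0.16/30")]

# Constructed log format: "<time> <action> TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DROP) TCP "
    r"(?P<src>[0-9.]+):\d+ -> (?P<dst>[0-9.]+):(?P<dport>\d+)$"
)

SAMPLE_LOG = """\
2013-01-18T10:02:11Z ALLOW TCP 10.20.0.10:49152 -> 10.20.0.5:12397
2013-01-18T10:02:40Z ALLOW TCP 10.20.0.17:50211 -> 10.20.0.5:12397
2013-01-18T10:03:05Z ALLOW TCP 198.51.100.23:41000 -> 10.20.0.5:12397
2013-01-18T10:03:09Z DROP TCP 203.0.113.9:41822 -> 10.20.0.5:12397
2013-01-18T10:04:00Z ALLOW TCP 198.51.100.23:41001 -> 10.20.0.5:443
garbage line that does not parse
"""

def audit(log_text, allowed=ALLOWED_SOURCES, port=IGSS_PORT):
    """Return (violations, unparsed): accepted connections to the IGSS port
    from sources outside the allowlist, and lines that could not be parsed."""
    violations, unparsed = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        try:
            src = ipaddress.ip_address(m["src"]) if m else None
        except ValueError:  # e.g. 999.1.1.1 passes the regex but is not an address
            src = None
        if src is None:
            unparsed.append(line)
            continue
        if int(m["dport"]) == port and m["action"] == "ALLOW":
            if not any(src in net for net in allowed):
                violations.append((m["ts"], str(src)))
    return violations, unparsed

if __name__ == "__main__":
    bad, skipped = audit(SAMPLE_LOG)
    for ts, src in bad:
        print(f"{ts} unexpected source {src} reached {IGSS_PORT}/TCP")
    print(f"{len(skipped)} unparsed line(s)")
```

Any violation means the filter in front of the IGSS host is admitting traffic it should not; unparsed lines are reported rather than silently dropped so that a log format change does not hide such traffic.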
ICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.
ICS-CERT provides a section for control systems security recommended practices on the US-CERT Web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01A—Cyber Intrusion Mitigation Strategies. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
In addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:
cwe.mitre.org/data/
igss.schneider-electric.com/igss/igssupdates/v100/progupdatesv100.zip
igss.schneider-electric.com/igss/igssupdates/v90/progupdatesv90.zip
nvd.nist.gov/cvss.cfm?name=&vector=%28AV:N/AC:L/Au:N/C:C/I:C/A:C%29&version=2
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0657