3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:N/A:P
6.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
0.001 Low
EPSS
Percentile
25.7%
**ATTENTION:**Low skill level to exploit.
Vendor: Schneider Electric
Equipment: Wonderware Historian Client
**Vulnerability:**Improper XML Parser Configuration
The following versions of Wonderware Historian Client, an analysis and reporting software, are affected:
Successful exploitation of this vulnerability could allow a malicious entity to cause denial of service of trend display or to disclose arbitrary files from the local file system to a malicious web site.
Schneider Electric recommends that users of Wonderware Historian Client 2014 R2 SP1 apply update HC_SecurityHF_10.6.13100. Users of older versions of Wonderware Historian Client are also affected and should first upgrade to Wonderware Historian Client 2014 R2 SP1 and then apply HC_SecurityHF_10.6.13100.
Users of Wonderware Historian Client can login at the following support web site to download the upgrade:
<https://gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22409>
Schneider Electric has issued Security Bulletin LFSEC00000120, which contains additional information:
<http://software.schneider-electric.com/support/cyber-security-updates/>
NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICSβCERT Technical Information Paper, ICS-TIP-12-146-01BβTargeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
In addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:
No known public exploits specifically target this vulnerability.
An improperly restricted XML parser may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network.
CVE-2017-7907 has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H).
Andrey Zhukov from USSC reported this vulnerability and has tested the patch.
Critical Infrastructure Sector(s): Critical Manufacturing, Energy, Healthcare and Public Health, Water and Wastewater Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Paris, France
software.schneider-electric.com/support/cyber-security-updates/
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7907
cwe.mitre.org/data/definitions/611.html
gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22409
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=Schneider%20Electric%20Wonderware%20Historian%20Client+https://www.cisa.gov/news-events/ics-advisories/icsa-17-122-01
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-17-122-01&title=Schneider%20Electric%20Wonderware%20Historian%20Client
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-17-122-01
www.oig.dhs.gov/
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/ics-advisories/icsa-17-122-01
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Schneider%20Electric%20Wonderware%20Historian%20Client&body=www.cisa.gov/news-events/ics-advisories/icsa-17-122-01
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:N/A:P
6.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
0.001 Low
EPSS
Percentile
25.7%