CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
23.3%
**ATTENTION:**Low skill level to exploit.
Vendor: Schneider Electric
Equipment: Wonderware InduSoft Web Studio
Vulnerability: Incorrect Default Permissions
The following versions of Schneider Electric’s Wondeware InduSoft Web Studio are affected:
Successful exploitation of this vulnerability could allow an authenticated user to escalate his or her privileges.
Schneider Electric released Wonderware InduSoft Web Studio v8.0 + Service Pack 1 to address this vulnerability. It can be found at the following location:
<http://www.indusoft.com/Products-Downloads>
For more information, users of affected products can read Schneider Electric’s Security Notification at the following location:
<http://www.schneider-electric.com/en/download/document/SEVD-2017-090-02/>
NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICS‑CERT Technical Information Paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
No known public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable.
Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system’s path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges.
CVE-2017-7968 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).
Karn Ganeshen identified this vulnerability.
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Healthcare and Public Health, Water and Wastewater Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Paris, France
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7968
www.indusoft.com/Products-Downloads
www.schneider-electric.com/en/download/document/SEVD-2017-090-02/
cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?product=https://www.cisa.gov/news-events/ics-advisories/icsa-17-138-02
cwe.mitre.org/data/definitions/276.html
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=Schneider%20Electric%20Wonderware%20InduSoft%20Web%20Studio+https://www.cisa.gov/news-events/ics-advisories/icsa-17-138-02
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-17-138-02&title=Schneider%20Electric%20Wonderware%20InduSoft%20Web%20Studio
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-17-138-02
www.oig.dhs.gov/
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Schneider%20Electric%20Wonderware%20InduSoft%20Web%20Studio&body=www.cisa.gov/news-events/ics-advisories/icsa-17-138-02
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
23.3%