DHS Warns of Schneider Electric ClearSCADA Vulnerability


The Department of Homeland Security is warning the maintainers of industrial control systems (ICS) about a remotely exploitable uncontrolled resource consumption vulnerability in Schneider Electric’s ClearSCADA software. Schneider Electric says that it has developed a new version of ClearSCADA that resolves the vulnerability reported by Adam Crain of Automatak and independent security researcher Chris Sistrunk.

The company further claims it has no evidence suggesting that these vulnerabilities have been exploited in a production environment. The ICS computer emergency response team (ICS-CERT) is also unaware of any in-the-wild attacks targeting these bugs, though its [advisory](<http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01>) notes that “An attacker with a medium skill would be able to exploit this vulnerability.”

ClearSCADA is secure remote management software designed for use in large, geographically dispersed critical infrastructure systems. On machines running pre-November 2013 versions of ClearSCADA, an attacker could generate specially crafted, unsolicited frames that, in turn, could cause excessive event logging, slowing driver operation and potentially leading to a denial of service condition in the distributed network protocol (DNP3).

Schneider is recommending that users of its ClearSCADA software monitor DNP3 traffic and their system’s event journal in order to detect excessive amounts of traffic or logging, which may be representative of a fuzzing attack attempting to exploit the vulnerabilities. Beyond that, users are advised to upgrade their ClearSCADA server to SCADA Expert ClearSCADA 2013 R2 or a more recent version. Users can also update to a service pack released later than November 2013.

Affected products include ClearSCADA 2010 R2 (Build 71.4165), ClearSCADA 2010 R2.1 (Build 71.4325), ClearSCADA 2010 R3 (Build 72.4560), ClearSCADA 2010 R3.1 (Build 72.4644), SCADA Expert ClearSCADA 2013 R1 (Build 73.4729), SCADA Expert ClearSCADA 2013 R1.1 (Build 73.4832), SCADA Expert ClearSCADA 2013 R1.1a (Build 73.4903), and SCADA Expert ClearSCADA 2013 R1.2 (Build 73.4955).
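
One way to act on the recommendation to monitor DNP3 traffic for excessive unsolicited frames is a per-source rate check on the wire. The sketch below is an added example, not code from Schneider Electric or ICS-CERT. The names `parse_dnp3`, `UnsolicitedRateMonitor` and `build_frame`, the 20-frames-per-10-seconds threshold and the sample traffic are all assumptions made for illustration.

```python
import struct
from collections import defaultdict, deque

UNSOLICITED_RESPONSE = 0x82  # DNP3 application-layer function code 130

def parse_dnp3(frame: bytes):
    """Return (src, dst, app_function_code) for a DNP3 link frame, else None."""
    # Link header: 0x05 0x64, length, control, dst (LE), src (LE), CRC (2 bytes).
    if len(frame) < 13 or frame[:2] != b"\x05\x64" or frame[2] < 8:
        return None
    dst, src = struct.unpack_from("<HH", frame, 4)
    # Offset 10: transport header, 11: application control, 12: function code.
    # CRCs are not validated here (simplification in this example).
    return src, dst, frame[12]

class UnsolicitedRateMonitor:
    """Flags a source sending more than max_frames unsolicited responses
    inside a sliding window. Both limits are assumed values to tune per site."""
    def __init__(self, max_frames=20, window_s=10.0):
        self.max_frames, self.window_s = max_frames, window_s
        self.seen = defaultdict(deque)

    def observe(self, ts: float, frame: bytes):
        parsed = parse_dnp3(frame)
        if parsed is None or parsed[2] != UNSOLICITED_RESPONSE:
            return None
        times = self.seen[parsed[0]]
        times.append(ts)
        while ts - times[0] > self.window_s:
            times.popleft()
        return (parsed[0], len(times)) if len(times) > self.max_frames else None

def build_frame(src, dst, fc=UNSOLICITED_RESPONSE):
    """Constructed sample frame; CRC fields are zero-filled placeholders."""
    user = bytes([0xC0, 0xF0, fc, 0x00, 0x00])  # transport, app control, fc, IIN
    header = b"\x05\x64" + bytes([5 + len(user), 0x44]) + struct.pack("<HH", dst, src)
    return header + b"\x00\x00" + user + b"\x00\x00"

def demo():
    """Replay constructed traffic; return {source address: peak frames in window}."""
    mon, peaks = UnsolicitedRateMonitor(), {}
    traffic = [(float(i), build_frame(7, 1)) for i in range(30)]        # 1 frame/s
    traffic += [(100 + i * 0.02, build_frame(9, 1)) for i in range(50)]  # burst
    for ts, frame in traffic:
        alert = mon.observe(ts, frame)
        if alert:
            peaks[alert[0]] = max(peaks.get(alert[0], 0), alert[1])
    return peaks

if __name__ == "__main__":
    print(demo())
```

In a deployment the frames would come from a capture of the DNP3 link, and the same sliding-window count can be applied to event journal entries per source.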