Schneider Electric fixed an exception handling vulnerability in its CitectSCADA application, according to a report on ICS-CERT.
While investigating this vulnerability report, Schneider Electric discovered additional related vulnerabilities and has produced a patch that mitigates them in SCADA Expert Vijeo Citect, CitectSCADA, and PowerSCADA Expert.
Researcher Carsten Eiram of Risk Based Security, who discovered the initial vulnerability, tested the patch to validate it resolves all the vulnerabilities in CitectSCADA. The vulnerability is remotely exploitable.
The following Schneider Electric versions suffer from the problem:
• StruxureWare SCADA Expert Vijeo Citect v7.40,
• Vijeo Citect v7.20 to v7.30SP1,
• CitectSCADA v7.20 to v7.30SP1,
• StruxureWare PowerSCADA Expert v7.30 to v7.30SR1, and
• PowerLogic SCADA v7.20 to v7.20SR1.
An attacker can cause a denial of service (DoS) by exploiting this vulnerability. The software would need a restart to recover.
Schneider Electric is a France-based multinational corporation. Schneider Electric is a manufacturer and integrator of energy management and industrial automation systems, equipment, and software.
The affected products are web-based SCADA systems. The affected Schneider Electric systems are primarily in energy, manufacturing, and infrastructure applications worldwide.
The exception handling vulnerability could cause a DoS on the server of the affected products. To exploit this vulnerability an attacker must send a specially crafted packet to any of the server processes.
CVE-2013-2824 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.
No known public exploits specifically target this vulnerability; however, an attacker with low skill would be able to exploit it.
Some users may have experienced a crash after applying the “security & quality fix” released December 16. Schneider Electric said the problem is within the quality portion of the fix. They have removed the quality fix from the release and have issued a new patch containing only the security update for this vulnerability.
Schneider Electric has developed a cumulative patch that addresses the above security issue as well as a separate quality issue. These patches are available for all products affected:
• HF740RTM60777.1 for SCADA Expert Vijeo Citect v7.40
• HF730SP160775.1 for Vijeo Citect v7.30 SP1
• HF720SP460769.1 for Vijeo Citect v7.20 SP4
• HF740RTM60777.1 for CitectSCADA v7.40
• HF730SP160775.1 for CitectSCADA v7.30 SP1
• HF720SP460769.1 for CitectSCADA v7.20 SP4
• HF730SP1608004 for PowerSCADA Expert v7.30 SR1
• HF720SP460803 for PowerLogic SCADA v7.20 SR1
Schneider Electric recommends all customers using the affected software packages listed above download and apply the relevant patch. They published a notification that tells more about this security issue and a quality issue not discussed here.
SCADA Expert Vijeo Citect or CitectSCADA customers may contact the SCADA & MES Software Global Support Centre for more information.