Schneider Electric has new software to mitigate a security misconfiguration in its IGSS SCADA Software, according to a report with ICS-CERT.
IGSS SCADA Software V12 and all previous versions suffer from the locally exploitable vulnerability, discovered by Ivan Sanchez of Nullcode.
Successful exploitation of this vulnerability could cause the device the attacker is accessing to crash or execute arbitrary code.
Schneider Electric has provided IGSS SCADA Software V13 to address this vulnerability.
No known public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable. In addition, an attacker would need high skill level to leverage the vulnerability.
Memory protection settings such as address space layout randomization (ASLR) and data execution prevention (DEP) are not properly implemented.
CVE-2017-9967 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.0.
The product sees use in the commercial facilities, critical manufacturing, and energy sectors. It also sees action on a global basis.