ICS-CERT Advising Users Update Schneider Electric ClearSCADA

Author: Brian Donohue
minute read
critical infrastructure security

The Department of Homeland Security is warning the maintainers of industrial control systems (ICS) about a remotely exploitable uncontrolled resource consumption vulnerability in Schneider Electric’s ClearSCADA software.

The Department of Homeland Security is warning the maintainers of industrial control systems (ICS) about a remotely exploitable uncontrolled resource consumption vulnerability in Schneider Electric’s ClearSCADA software.

Schneider Electric says that it has developed a new version of ClearSCADA that resolves the vulnerability reported by Adam Crain of Automatak and independent security researcher Chris Sistrunk. The company further claims it has no evidence suggesting that these vulnerabilities have been exploited in a production environment. The ICS computer emergency response team (ICS-CERT) is also unaware of any in-the-wild attacks targeting these bugs, though their advisory notes that “An attacker with a medium skill would be able to exploit this vulnerability.”

ClearSCADA is secure remote management software designed for use in large, geographically dispersed critical infrastructure systems.

On machines running pre-November 2013 versions of ClearSCADA, an attacker could generate specially crafted, unsolicited frames that – in turn – could cause excessive event logging, slowing driver operation and potentially leading to a denial of service condition in the distributed network protocol (DNP3).

Schneider is recommending that users of its ClearSCADA software monitor DNP3 traffic and their system’s event journal in order to detect excessive amounts of traffic or logging which may be representative of a fuzzing attack attempting to exploit the vulnerabilities. Beyond that, users are advised to upgrade their ClearSCA DA server to SCADA Expert ClearSCADA 2013 R2 or a more recent version. Users can also update to a service pack released later than November 2013.

Affected products include, ClearSCADA 2010 R2 (Build 71.4165), ClearSCADA 2010 R2.1 (Build 71.4325), ClearSCADA 2010 R3 (Build 72.4560), ClearSCADA 2010 R3.1 (Build 72.4644), SCADA Expert ClearSCADA 2013 R1 (Build 73.4729), SCADA Expert ClearSCADA 2013 R1.1 (Build 73.4832), SCADA Expert ClearSCADA 2013 R1.1a (Build 73.4903), and SCADA Expert ClearSCADA 2013 R1.2 (Build 73.4955).

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.