Schneider Electric ClearSCADA <= 2013 R2 Remote Code Execution Vulnerability

Medium

Synopsis

A vulnerable version of Schneider Electric ClearSCADA has been detected.

Description

ClearSCADA versions between 2010 R2 and 2013 R2 inclusive are affected by a remote code execution vulnerability related to the way the KepServer V4 component in the PLC Driver validates project file input. An attacker could cause a denial of service (application crash) or execute arbitrary code via a specially crafted project file.

Newer versions of ClearSCADA (i.e., 6.73.4729 and later) are referred to as "SCADA Expert ClearSCADA."

Solution

There is currently no fix available. The vendor advises uninstalling the PLC Driver.