Technical FAQs

Ask a Question

PowerSCADA Expert Security Notification (Wonderware ArchestrA Logger multiple vulnerabilities)

Issue
Schneider Electric has become aware of a vulnerability in the Wonderware ArchestrA Logger component used within the PowerSCADA Expert 8.2 product.

Product Line
PowerSCADA Expert 8.2

Environment
Wonderware ArchestrA Logger component

Cause
The Wonderware ArchestrA Logger component exposes a Remote Procedure Call (RPC) interface for remote management. Some of the methods on this interface are susceptible to:

•    Remote Code Execution, which could allow an attacker to run arbitrary code in the context of a highly privileged account.
•    Memory Leaks, which could allow an attacker to exhaust the memory of the target machine and cause Denial of Service for applications running on the target machine.
•    Null Pointer Dereferences, which could allow an attacker to crash the logger process causing Denial of Service for logging and log-viewing operations.

Resolution
See the attached document for further details regarding this vulnerability.

Schneider Electric has developed a patch which addresses these vulnerabilities.
Download, unzip and install the patch from the following location: https://schneider-electric.box.com/shared/static/l21fxfghaqlzxkjt456q4gbm28qbuqyh.zip

Schneider Electric recommends ALL customers using the affected software packages to download and apply the relevant patch.
Notes on applying the patch:
•    Customers are recommended to close System Management Console (SMC) and Log Viewer applications prior to applying this patch. If the applications are open customers may receive an error. To resolve this error please restart the System Management Console (SMC) or refresh the Log Viewer applications.
•    If PowerSCADA Expert 8.2 is reinstalled after this patch is applied, then the patch needs to be reinstalled after the PowerSCADA Expert 8.2 is reinstalled.

For more information
This document is intended to help provide an overview of the identified vulnerability and actions required to mitigate it. To obtain full details on the issues and assistance on how to protect your installation, please contact your local Schneider Electric representative. These organizations will be fully aware of the situation and can support you through the process.
For further information on vulnerabilities in Schneider Electric's products, please visit Schneider Electric's cybersecurity web page at http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page
 
Was this helpful?
What can we do to improve the information ?