URL: https://www.cisa.gov/news-events/ics-advisories/icsa-24-289-02
Submission: On October 22 via api from IE — Scanned from US

ICS Advisory


SCHNEIDER ELECTRIC DATA CENTER EXPERT

Release Date: October 15, 2024
Alert Code: ICSA-24-289-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control
Systems



1. EXECUTIVE SUMMARY

 * CVSS v4 8.6
 * ATTENTION: Exploitable remotely/low attack complexity
 * Vendor: Schneider Electric
 * Equipment: Data Center Expert
 * Vulnerability: Improper Verification of Cryptographic Signature, Missing
   Authentication for Critical Function


2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to
access private data.


3. TECHNICAL DETAILS


3.1 AFFECTED PRODUCTS

Schneider Electric reports that the following versions of Data Center Expert, a
monitoring software, are affected:

 * Data Center Expert: Versions 8.1.1.3 and prior


3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347

An improper verification of cryptographic signature vulnerability exists that
could compromise the Data Center Expert software when an upgrade bundle is
manipulated to include arbitrary bash scripts that are executed as root.

CVE-2024-8531 has been assigned to this vulnerability. A CVSS v3.1 base score
of 7.2 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-8531. A base score of 8.6
has been calculated; the CVSS vector string is
(CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.2 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

A missing authentication for critical function vulnerability exists in Data
Center Expert software that could cause exposure of private data when an already
generated "logcaptures" archive is accessed directly by HTTPS.

CVE-2024-8530 has been assigned to this vulnerability. A CVSS v3.1 base score
of 5.9 has been calculated; the CVSS vector string is
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2024-8530. A base score of 8.2
has been calculated; the CVSS vector string is
(CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).


3.3 BACKGROUND

 * CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Energy, Food and
   Agriculture, Government Facilities, Transportation Systems, Water and
   Wastewater Systems
 * COUNTRIES/AREAS DEPLOYED: Worldwide
 * COMPANY HEADQUARTERS LOCATION: France


3.4 RESEARCHER

Anonymous working with Trend Micro Zero Day Initiative reported these
vulnerabilities to Schneider Electric.


4. MITIGATIONS

Version 8.2 of EcoStruxure IT Data Center Expert includes fixes for these
vulnerabilities and is available upon request from Schneider Electric's Customer
Care Center.

Users should use appropriate patching methodologies when applying these patches
to their systems. Schneider Electric strongly recommends the use of back-ups and
evaluating the impact of these patches in a test and development environment or
on an offline infrastructure. Contact Schneider Electric's Customer Care Center
if you need assistance removing a patch.

If users choose not to apply the remediation provided above, they should
immediately apply the following mitigations to reduce the risk of exploit:

 * Ensure that the principles of least privilege are being followed so that only
   those with need have account access and that the level of their respective
   account authorization aligns with their role, including privileged accounts
   as described in the Data Center Expert Security Handbook.
 * Verify SHA1 checksums of upgrade bundles prior to executing upgrades as
   described in the Upgrades section of the Data Center Expert Security
   Handbook.
 * Delete any existing "logcapture" archives present on the system and do not
   create any new "logcapture" archives. Existing archives can be deleted from
   the https://server_ip/capturelogs web page after authenticating.
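
A sketch of the checksum check from the second mitigation above, written as a gate that refuses to proceed on any doubt. This is an added example, not code from Schneider Electric or CISA; the function name is hypothetical, and it assumes the reference SHA-1 value comes from the vendor's published source rather than from a file shipped alongside the bundle.

```shell
#!/bin/sh
# Added example: compare an upgrade bundle's SHA-1 with the published value
# before the bundle is handed to the upgrade process.
# verify_bundle_sha1 is a hypothetical helper name (assumption).

# verify_bundle_sha1 FILE EXPECTED_SHA1
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_bundle_sha1() {
    vb_file=$1
    # Normalise the reference value: strip whitespace, lower-case the hex.
    vb_expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    if [ ! -f "$vb_file" ] || [ ! -r "$vb_file" ]; then
        echo "error: cannot read bundle: $vb_file" >&2
        return 2
    fi

    # A SHA-1 digest is exactly 40 hex characters. Reject truncated or
    # mistyped reference values instead of comparing against them.
    case $vb_expected in
        *[!0-9a-f]*)
            echo "error: reference digest is not hexadecimal" >&2
            return 2 ;;
    esac
    if [ "${#vb_expected}" -ne 40 ]; then
        echo "error: reference digest must be 40 hex characters" >&2
        return 2
    fi

    # Hash via stdin so only the digest (no file name) is parsed.
    vb_actual=$(sha1sum < "$vb_file" | cut -d' ' -f1) || return 2

    if [ "$vb_actual" = "$vb_expected" ]; then
        echo "OK: $vb_file matches the published SHA-1"
        return 0
    fi
    echo "MISMATCH: $vb_file" >&2
    echo "  expected $vb_expected" >&2
    echo "  actual   $vb_actual" >&2
    return 1
}
```

Run the upgrade only when the function returns 0; treat a return of 1 or 2 as a reason to discard the bundle and obtain it again.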

Schneider Electric strongly recommends the following industry cybersecurity best
practices:

 * Locate control and safety system networks and remote devices behind firewalls
   and isolate them from the business network.
 * Install physical controls so no unauthorized personnel can access your
   industrial control and safety systems, components, peripheral equipment, and
   networks.
 * Place all controllers in locked cabinets and never leave them in the
   "Program" mode.
 * Never connect programming software to any network other than the network
   intended for that device.
 * Scan all methods of mobile data exchange with the isolated network such as
   CDs, USB drives, etc. before use in the terminals or any node connected to
   these networks.
 * Never allow mobile devices that have connected to any other network besides
   the intended network to connect to the safety or control networks without
   proper sanitation.
 * Minimize network exposure for all control system devices and systems and
   ensure that they are not accessible from the Internet.
 * When remote access is required, use secure methods, such as virtual private
   networks (VPNs). Recognize that VPNs may have vulnerabilities and should be
   updated to the most current version available. Also, understand that VPNs are
   only as secure as the connected devices.

For more information refer to the Schneider Electric Recommended Cybersecurity
Best Practices document.

For more information see the associated Schneider Electric security notification
SEVD-2024-282-01 in PDF and CSAF.

CISA recommends users take defensive measures to minimize the risk of
exploitation of these vulnerabilities. CISA reminds organizations to perform
proper impact analysis and risk assessment prior to deploying defensive
measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber
defense best practices are available for reading and download, including
Improving Industrial Control Systems Cybersecurity with Defense-in-Depth
Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies
for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage at cisa.gov/ics in the technical information paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing suspected malicious activity should follow established
internal procedures and report findings to CISA for tracking and correlation
against other incidents.

No known public exploitation specifically targeting these vulnerabilities has
been reported to CISA at this time.


5. UPDATE HISTORY

 * October 15, 2024: Initial Publication

This product is provided subject to this Notification and this Privacy &
Use policy.

