Schneider Electric Triconex Flaws allows shutting down Scada systems. Patch them

Cybersecurity specialists reported the finding of multiple vulnerabilities in Schneider Electric Triconex. According to the report, successful exploitation of these vulnerabilities would allow threat actors to view clear text data on the network, cause a denial of service condition, or allow incorrect access.

The affected versions are:

  • TriStation 1131, v1.0.0 to v4.9.0, v4.10.0 and 4.12.0, running on Windows NT, Windows XP or Windows 7
  • Tricon Communications Module (TCM) Models 4351, 4352, 4351A/B and 4352A/B installed on Tricon v10.0 systems to v10.5.3

Users of current and newer versions of the identified firmware and software are not exposed to these specific vulnerabilities.

Below is a list of reported vulnerabilities, in addition to their respective scores and identification keys according to the Common Vulnerability Scoring System (CVSS).

CVE-2020-7483: This is a flaw related to the “password” function in TriStation 1131 Versions 1.0 to 4.12.0 that could make certain data visible on the network if the feature is enabled. The flaw received a score of 5.3/10.

CVE-2020-7484: A vulnerability related to the “password” feature in TriStation 1131 Versions 1.0 to 4.12.0 would allow malicious hackers to deploy denial of service (DDoS) attacks if the user does not set the necessary settings. This flaw received a score of 7.5/10.

CVE-2020-7485: A legacy support account in TriStation 1131 versions 1.0 to 4.9.0 and 4.10.0 could allow malicious hackers inappropriate access to the TriStation 1131 project file. The vulnerability received a score of 5.5.

CVE-2020-7486: Exploiting this letter would allow the TMMs installed in The Tricon 10.0.0 to 10.4.x system versions to be reset when under a high network load, generating a DoS condition. The vulnerability received a score of 7.5/10. 

CVE-2020-7491: A legacy debug port account on TCM installed on Tricon 10.2.0 to 10.5.3 system versions is visible on the network and could allow inappropriate access. The flaw received a score of 10/10.

Schneider Electric released TriStation v4.9.1 and v4.10.1 cpm in order to address these flaws; the company has already notified users of affected deployments; updates are now available on the company’s official platforms. Schneider has also published some recommendations for users who can’t update right away:

  • Install physical controls so that no unauthorized personnel can access industrial safety and control systems, components, peripheral equipment and networks.
  • Place all drivers in closed enclosures and never leave them in “Program” mode.

Users of affected deployments will be able to mitigate the risk of exploitation by enabling these security measures.