QID 590723

Date Published: 2022-03-28

QID 590723: Schneider Electric Floating License Manager for CitectSCADA, CitectHistorian and Citect Anywhere Multiple Vulnerabilities (ICSA-18-144-01)

AFFECTED PRODUCTS
The following products use the vulnerable Schneider Electric Floating License Manager, a license management platform:
SCADA Expert Vijeo Citect / CitectSCADA Version 7.30, 7.40,
CitectSCADA Version 2015, 2016,
Vijeo Historian/CitectHistorian Version 4.40, 4.50,
CitectHistorian Version 2016,
Citect Anywhere,
PlantStruxure PES V4.3 SP1 and prior, and
EcoStruxure Modicon Builder V3.0 and prior.
The following products are only affected by CVE-2016-10395:
EcoStruxure Power Monitoring Expert 8.2 (Standard, DC, HC Editions),
StruxureWare Power Monitoring Expert 8.1 (Standard, DC, HC Editions),
StruxureWare Power Monitoring Expert 8.0 (Standard, DC, HC, Buildings Editions),
StruxureWare Power Monitoring Expert 7.2.x,
Energy Expert 1.x (formerly Power Manager), and
EcoStruxure Power SCADA Operations 8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module).

QID Detection Logic (Authenticated)
The QID checks for the vulnerable version using Windows registry keys.

Successful exploitation of these vulnerabilities could cause a denial of service, allow arbitrary execution of code with system-level privileges, or send users to arbitrary websites.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as High - 7.5 severity.
Solution

    Customers are advised to refer to the CERT MITIGATIONS section of ICSA-18-144-01 for affected packages and patching details.

    Vendor References

    CVEs related to QID 590723

    Software Advisories
    Advisory ID: ICSA-18-144-01
    Link: www.cisa.gov/uscert/ics/advisories/ICSA-18-144-01