icsa-17-066-01
Vulnerability from csaf_cisa
Published
2017-03-07 00:00
Modified
2017-03-07 00:00
Summary
ICSA-17-066-01_Schneider Electric Wonderware Intelligence

Notes

CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary
Schneider Electric self-reported this vulnerability.
Exploitability
No known public exploits specifically target this vulnerability.


To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Schneider Electric",
        "summary": "self-reporting this vulnerability"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "summary",
        "text": "Schneider Electric self-reported this vulnerability.",
        "title": "Summary"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-066-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-066-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-066-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-066-01"
      }
    ],
    "title": "ICSA-17-066-01_Schneider Electric Wonderware Intelligence",
    "tracking": {
      "current_release_date": "2017-03-07T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA USCert CSAF Generator",
          "version": "1"
        }
      },
      "id": "ICSA-17-066-01",
      "initial_release_date": "2017-03-07T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-03-07T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-066-01 Schneider Electric Wonderware Intelligence "
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 7.0 | \u003c= 10.1.3 and Wonderware Intelligence \u003c= 2014R3 ",
                "product": {
                  "name": "Tableau Server/Desktop: Versions 7.0 to 10.1.3 included in Wonderware Intelligence Versions 2014R3 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Tableau Server/Desktop"
          }
        ],
        "category": "vendor",
        "name": "Schneider Electric Software, LLC"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-5178",
      "cwe": {
        "id": "CWE-1392",
        "name": "Use of Default Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Tableau Server is embedded within the Schneider Electric Wonderware Intelligence software and contains a system account that is installed by default. The default system account is difficult to modify to use non-default credentials after installation and changing the default credentials in the embedded Tableau Server is not documented. As such, Schneider Electric has released a new software version that removes the default system account in the embedded Tableau Server.If Tableau Server is used with Windows integrated security (Active Directory), the software is not vulnerable. However, when Tableau Server is used with local authentication mode, the software is vulnerable. The default system account could be used to gain unauthorized access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Schneider Electric has released a new software version to address the identified vulnerability and recommends that users using affected versions apply Tableau Server Version 10.1.4. In addition, the Analytics Client (Tableau Desktop OEM) should also be upgraded to Version 10.1.4. Upgrading to Intelligence Server 2014 R3 is also recommended.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "The Schneider Electric customers using Wonderware Intelligence can login at the following support sites to download the Tableau patches:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Tableau Analytics Dashboard Server v10.1.4",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22386"
        },
        {
          "category": "mitigation",
          "details": "Tableau Analytics Client v10.1.4",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22385"
        },
        {
          "category": "mitigation",
          "details": "Wonderware Intelligence 2014 R3",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22288"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric has issued Security Bulletin LFSEC00000119, which contains additional information:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://software.schneider-electric.com/support/cyber-security-updates/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2017-5178"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.