Doc ID                : ADV243
Version              : 1.0
Status                : Published
Published date       : 07/24/2015
Categories           : Foxboro Evo, I/A Series, SCADA, FCS (Infusion)

Customer Advisory
Binary Planting Security Vulnerability with Wonderware System Platform used in Foxboro Process Automation Products
July 24, 2015


Schneider Electric is committed to ensuring that our customers and employees are kept current on issues that might affect or improve product, system or process operation. We are dedicated to providing product and application reliability, and exceptional client service.

Customer Advisories are intended to inform you of the possibility of a situation occurring at system installations, and of the identified resolution. Schneider Electric recommends that our customers consider taking action to help prevent the identified situation from occurring during your production process.

Potential Security Vulnerability:
It is recognized that the global threat environment is constantly changing, and we are committed to helping our customers protect the security of their installations. We have reviewed the issue described in this Customer Advisory and determined that, if no action is taken, there is a potential security vulnerability that could allow an attacker to compromise the integrity, availability, or confidentiality of a product. We strongly advise customers to take note of the recommended actions and, where possible, to test such actions or patches on non-production systems prior to deployment into production environments. This approach is recommended in order to minimize risk and exposure to announced vulnerabilities.

SITUATION
Wonderware by Schneider Electric has disclosed a group of cyber security binary planting vulnerabilities in Wonderware System Platform 2014 R2 and earlier (see Wonderware Security Bulletin LFSEC00000106). Wonderware System Platform is an integral part of InFusion™ Control Edition, InFusion™ SCADA, Foxboro SCADA, Foxboro® Control Software (FCS), and Foxboro Evo™ Control Software.

NOTE: Binary planting is also known as DLL preloading, DLL hijacking, and insecure library loading. An application that loads a library by bare name (for example LoadLibrary("foo.dll")) lets Windows resolve the name through its DLL search order; if an attacker can write a file of that name into a directory searched before the legitimate location, the application loads the attacker's code with the application's privileges.

SYMPTOMS
The vulnerabilities, if exploited, could allow malicious code execution and have been given a rating of "High". There are no known exploits reported at this time. Schneider Electric recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.

ACTIONS OR RESOLUTIONS
Schneider Electric believes that exploitation of vulnerabilities such as the binary planting issue described above is preventable in an environment secured using industry standard practices. Schneider Electric has used cyber security defenses in the design and implementation of its product. In combination with the customer's implementation of best practices, policies, and procedures in accordance with industry standards (providing a secure environment and restricting and controlling access to the control environment), these defenses provide an effective barrier against vulnerabilities such as this one. Some of the more important cyber security defenses and industry standard, customer-implemented best practices are described below:

By following these implementation and security standards, the possibility of a successful binary planting attack is substantially diminished. The protections listed above restrict external or unauthorized access to the Foxboro Process Automation systems while still allowing authorized access to required capabilities. Because binary planting requires an attacker to place a file in a directory on the application's DLL search path, limiting who can write to those directories is the control that matters most.
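The check a practitioner would want to run on an affected node, added here as an example that is not part of the Schneider Electric advisory and not code from the Wonderware product: a PowerShell script that reports the Windows DLL search-order settings (SafeDllSearchMode and CWDIllegalInDllSearch) and flags every directory on the bare-name load path that a low-privilege account could write to. The application install path and the list of low-privilege principals are assumptions; adjust them to the actual Foxboro/Wonderware deployment.

```powershell
# Added example (not part of the Schneider Electric advisory): list the
# directories Windows searches when an application loads a DLL by bare name
# and flag those writable by unprivileged accounts.
param(
    [string]$AppDir = 'C:\Program Files (x86)\Wonderware'   # assumed install path
)

# DLL search-order hardening values live under Session Manager.
$sessionMgr = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$props      = Get-ItemProperty -Path $sessionMgr -ErrorAction SilentlyContinue
$safeSearch = $props.SafeDllSearchMode
if ($null -eq $safeSearch) { $safeSearch = 1 }   # value absent = enabled by default
$cwdPolicy  = $props.CWDIllegalInDllSearch

Write-Host "SafeDllSearchMode     : $safeSearch (1 = system directories searched before CWD)"
Write-Host ("CWDIllegalInDllSearch : " + $(if ($null -eq $cwdPolicy) { 'not set (CWD is searched)' } else { $cwdPolicy }))

# Principals that must never hold write or modify rights on a search-path directory.
# Assumed list; extend it with any site-specific low-privilege groups.
$lowPriv = @('Everyone',
             'BUILTIN\Users',
             'NT AUTHORITY\Authenticated Users',
             'NT AUTHORITY\INTERACTIVE')

# Any of these rights lets a caller create or replace a file in the directory.
$writeMask = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                   [System.Security.AccessControl.FileSystemRights]::Modify -bor
                   [System.Security.AccessControl.FileSystemRights]::FullControl -bor
                   [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
                   [System.Security.AccessControl.FileSystemRights]::WriteData)

function Test-WritableByLowPriv {
    param([string]$Path)
    try { $acl = Get-Acl -Path $Path -ErrorAction Stop } catch { return $false }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) { return $true }
    }
    return $false
}

# Search order for a bare-name LoadLibrary call with SafeDllSearchMode enabled:
# application directory, System32, System, Windows, current directory, then PATH.
$searchPath = @($AppDir,
                "$env:SystemRoot\System32",
                "$env:SystemRoot\System",
                $env:SystemRoot,
                (Get-Location).Path) +
              @($env:Path -split ';' | Where-Object { $_ -and (Test-Path -Path $_) })

$searchPath | Select-Object -Unique | ForEach-Object {
    [pscustomobject]@{
        Directory         = $_
        WritableByLowPriv = Test-WritableByLowPriv -Path $_
    }
} | Format-Table -AutoSize
```

Run it in an elevated session on each affected node. A row showing WritableByLowPriv = True for the application directory is the worst case, since that directory is searched first; a writable PATH entry still matters for any DLL the application requests by name that does not exist in one of the earlier directories. CWDIllegalInDllSearch left unset means the current working directory remains on the search path, so the directory a document or shortcut launches the application from must also not be writable by untrusted users.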

Wonderware System Platform 2014 R2 Patch 01 further limits the exploitability of these vulnerabilities and will be qualified on future releases of Foxboro Evo and Foxboro SCADA systems.



FOR INFORMATION
If you have any questions regarding this article, please contact your local Service Representative or a Schneider Electric Support Center at:

GCS Center        America's GCS        Asia Pacific GCS     EMEA GCS
Location          Foxboro, MA, USA     Shanghai             Baarn, NL
Phone             +1-866-746-6477      +86 21 37180086      +31-3554-84125
Internationally   +1-508-549-2424
Fax               +1-508-549-4999      +86 21 37180196      +31-3554-84230
Email             America's GCS        Asia Pacific GCS     EMEA GCS

Regards,

John Petty
Director,
Global Customer Support

Distribution to Schneider Electric Customers and Internal Personnel Only
DO NOT REPRODUCE.
All trademarks are registered to their respective owners.
All brand names are property of their respective owners.

Advisory #: 2015038abi

©Schneider Electric. All rights reserved