SEVD-2022-284-03
Vulnerability from csaf_se - Published: 2022-10-10 22:13 - Updated: 2025-11-14 06:30Summary
ISaGRAF Workbench for SAGE RTU
Notes
General Security Recommendations
We strongly recommend the following industry cybersecurity best practices.
https://www.se.com/us/en/download/document/7EN52-0390/
* Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
* Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.
* Place all controllers in locked cabinets and never leave them in the “Program” mode.
* Never connect programming software to any network other than the network intended for that device.
* Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.
* Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.
* Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.
* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.
For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document.
For More Information
This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process.
For further information related to cybersecurity in Schneider Electric’s products, visit the company’s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp
LEGAL DISCLAIMER
THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS “NOTIFICATION”) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN “AS-IS” BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION
About Schneider Electric
At Schneider, we believe access to energy and digital is a basic human right. We empower all to do more with less, ensuring Life Is On everywhere, for everyone, at every moment.
We provide energy and automation digital solutions for efficiency and sustainability. We combine world-leading energy technologies, real-time automation, software and services into integrated solutions for Homes, Buildings, Data Centers, Infrastructure and Industries.
We are committed to unleash the infinite possibilities of an open, global, innovative community that is passionate with our Meaningful Purpose, Inclusive and Empowered values.
www.se.com
Overview
Schneider Electric is aware of multiple vulnerabilities in the third party ISaGRAF Workbench software used by SAGE RTU products.
The SAGE RTU products are hardware devices that collect utility substation information from different devices and passes it along to a SCADA software platform.
Failure to apply the mitigations provided below may risk remote code execution, which could result in privilege escalation that will allow an attacker to gain the privileges of the software. If the software is running at SYSTEM level, an attacker may gain admin level privileges. These vulnerabilities can only be exploited when users open the TCP listening ports on the RTU and connect with ISaGRAF Workbench.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "We strongly recommend the following industry cybersecurity best practices.\n\nhttps://www.se.com/us/en/download/document/7EN52-0390/\n* Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.\n* Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.\n* Place all controllers in locked cabinets and never leave them in the \u201cProgram\u201d mode.\n* Never connect programming software to any network other than the network intended for that device.\n* Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.\n* Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.\n* Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.\n* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.\nFor more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document. \n",
"title": "General Security Recommendations"
},
{
"category": "general",
"text": "This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process.\nFor further information related to cybersecurity in Schneider Electric\u2019s products, visit the company\u2019s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp",
"title": "For More Information"
},
{
"category": "legal_disclaimer",
"text": "THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS \u201cNOTIFICATION\u201d) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN \u201cAS-IS\u201d BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION",
"title": "LEGAL DISCLAIMER"
},
{
"category": "general",
"text": "At Schneider, we believe access to energy and digital is a basic human right. We empower all to do more with less, ensuring Life Is On everywhere, for everyone, at every moment.\n\nWe provide energy and automation digital solutions for efficiency and sustainability. We combine world-leading energy technologies, real-time automation, software and services into integrated solutions for Homes, Buildings, Data Centers, Infrastructure and Industries.\n\nWe are committed to unleash the infinite possibilities of an open, global, innovative community that is passionate with our Meaningful Purpose, Inclusive and Empowered values.\n\nwww.se.com ",
"title": "About Schneider Electric"
},
{
"category": "summary",
"text": "Schneider Electric is aware of multiple vulnerabilities in the third party ISaGRAF Workbench software used by SAGE RTU products.\r\nThe SAGE RTU products are hardware devices that collect utility substation information from different devices and passes it along to a SCADA software platform.\r\nFailure to apply the mitigations provided below may risk remote code execution, which could result in privilege escalation that will allow an attacker to gain the privileges of the software. If the software is running at SYSTEM level, an attacker may gain admin level privileges. These vulnerabilities can only be exploited when users open the TCP listening ports on the RTU and connect with ISaGRAF Workbench.",
"title": "Overview"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cpcert@se.com",
"name": "Schneider Electric CPCERT",
"namespace": "https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp"
},
"references": [
{
"category": "self",
"summary": "ISaGRAF Workbench for SAGE RTU - SEVD-2022-284-03 PDF Version",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-284-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-284-03-SAGE_RTU_ISaGraf_Workbench_Security_Notification.pdf"
},
{
"category": "self",
"summary": "ISaGRAF Workbench for SAGE RTU - SEVD-2022-284-03 CSAF Version",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-284-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2022-284-03.json"
},
{
"category": "external",
"summary": "Recommended Cybersecurity Best Practices",
"url": "https://www.se.com/us/en/download/document/7EN52-0390/"
}
],
"title": "ISaGRAF Workbench for SAGE RTU",
"tracking": {
"current_release_date": "2025-11-14T06:30:00.000Z",
"generator": {
"date": "2025-11-14T04:34:31.751Z",
"engine": {
"name": "Schneider Electric CSAF Generator",
"version": "1.2"
}
},
"id": "SEVD-2022-284-03",
"initial_release_date": "2022-10-10T22:13:16.000Z",
"revision_history": [
{
"date": "2022-10-10T22:13:16.000Z",
"number": "1.0.0",
"summary": "Original Release"
},
{
"date": "2025-11-14T06:30:00.000Z",
"number": "2.0.0",
"summary": "Corrected Known Affected Versions for SAGE RTU"
}
],
"status": "final",
"version": "2.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cC3414-500-S02K5_P5",
"product": {
"name": "Schneider Electric SAGE RTU C3414 CPU (Current) Versions prior to C3414-500-S02K5_P5",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SAGE RTU C3414 CPU"
},
{
"branches": [
{
"category": "product_version",
"name": "C3414-500-S02K5_P5",
"product": {
"name": "Schneider Electric SAGE RTU C3414 CPU (Current) Version C3414-500-S02K5_P5",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SAGE RTU C3414 CPU"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Schneider Electric SAGE RTU C3413 CPU (Obsolete CPU) All firmware versions",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SAGE RTU C3413 CPU"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Schneider Electric SAGE RTU C3412 CPU (Obsolete CPU) All firmware versions",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "SAGE RTU C3412 CPU"
}
],
"category": "vendor",
"name": "Schneider Electric"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=6.0|\u003c=6.6.9",
"product": {
"name": "Rockwell Automation ISaGRAF Workbench Versions 6.0 through 6.6.9",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "ISaGRAF Workbench"
}
],
"category": "vendor",
"name": "Rockwell Automation"
}
],
"relationships": [
{
"category": "optional_component_of",
"full_product_name": {
"name": "Rockwell Automation ISaGRAF Workbench Versions 6.0 through 6.6.9 optional component of Schneider Electric SAGE RTU C3414 CPU (Current) Versions prior to C3414-500-S02K5_P5",
"product_id": "6"
},
"product_reference": "5",
"relates_to_product_reference": "1"
},
{
"category": "optional_component_of",
"full_product_name": {
"name": "Rockwell Automation ISaGRAF Workbench Versions 6.0 through 6.6.9 optional component of Schneider Electric SAGE RTU C3413 CPU (Obsolete CPU) All firmware versions",
"product_id": "7"
},
"product_reference": "5",
"relates_to_product_reference": "3"
},
{
"category": "optional_component_of",
"full_product_name": {
"name": "Rockwell Automation ISaGRAF Workbench Versions 6.0 through 6.6.9 optional component of Schneider Electric SAGE RTU C3412 CPU (Obsolete CPU) All firmware versions",
"product_id": "8"
},
"product_reference": "5",
"relates_to_product_reference": "4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2463",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "description",
"text": "ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal \nvulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of \nthe ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, \nthen the attacker will gain admin level privileges. User interaction is required for this exploit to be \nsuccessful. \nNote: The CVSS score provided above is calculated in the context of SAGE RTU. ",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2"
],
"known_affected": [
"6",
"7",
"8"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Version C3414-500-S02K5_P5 of SAGE RTU CPU 3414 includes a mitigation for these vulnerabilities and is available for download here:\r\nhttps://www.sage-rtu.com/downloads.html\r\nReboot of SAGE RTU is required after firmware upgrade.\r\nThis mitigation disables the ISaGRAF listening TCP ports by default and provides an additional network service checkbox to allow customers to enable the ISaGRAF ETCP task, which will open the TCP listening ports to connect with ISaGRAF workbench when needed, and to disable the TCP listening ports when ISaGRAF Workbench development, debugging, and downloading tasks are complete.\r\nThese vulnerabilities can only be exploited when users reopen the listening ports and connect with ISaGRAF workbench. These vulnerabilities only apply when a non-secure network is being used to perform development tasks in non-runtime applications. It is our recommendation to mitigate these vulnerabilities by performing all ISaGRAF workbench tasks on a secure network or on a private network when connecting to the device.\r\nOR\r\nIf firmware is not upgraded to C3414-500-S02K5_P5, but customers are running firmware version C3414-500-S02K2 or above, then they should immediately apply the following mitigations to reduce the risk of exploit:\r\nIf ISaGRAF is configured and in use, the built-in firewall can be used to disable ISaGRAF port 1131 and 1113 when the debugger is not in use. Use the following commands in the Firewall configuration to disable external access to ISaGRAF:\r\nBlock in proto tcp from any to any port = 1131\r\nBlock in proto tcp from any to any port = 1113\r\nIf ISaGRAF is NOT configured and in use, the ISaGRAF port is by default not enabled and does not start automatically, therefore there is no impact of these vulnerabilities, and no further action is required by customers.",
"product_ids": [
"6"
],
"restart_required": {
"category": "system"
},
"url": "https://www.sage-rtu.com/downloads.html"
},
{
"category": "no_fix_planned",
"details": "SAGE RTU CPU\u2019s C3413 and C3412 have reached their end of life and are no longer supported. Customers should immediately upgrade to the latest CPU C3414 and apply C3414-500-S02K5_P5 or later firmware which can be downloaded here:\r\nhttps://www.sage-rtu.com/downloads.html\r\nReboot of SAGE RTU is required after firmware upgrade.\r\nThis mitigation disables the ISaGRAF listening TCP ports by default and provides an additional network service checkbox to allow customers to enable the ISaGRAF ETCP task, which will open the TCP listening ports to connect with ISaGRAF workbench when needed, and to disable the TCP listening ports when ISaGRAF Workbench development, debugging, and downloading tasks are complete.\r\nThese vulnerabilities can only be exploited when users reopen the listening ports and connect with ISaGRAF workbench. These vulnerabilities only apply when a non-secure network is being used to perform development tasks in non-runtime applications. It is our recommendation to mitigate these vulnerabilies by performing all ISaGRAF workbench tasks on a secure network or on a private network when connecting to the device.",
"product_ids": [
"7",
"8"
],
"restart_required": {
"category": "system"
},
"url": "https://www.sage-rtu.com/downloads.html"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.1,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"6",
"7",
"8"
]
}
],
"title": "CVE-2022-2463"
},
{
"cve": "CVE-2022-2464",
"notes": [
{
"category": "description",
"text": "ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful.\r\nNote: The CVSS score provided above is calculated in the context of SAGE RTU.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2"
],
"known_affected": [
"6",
"7",
"8"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Version C3414-500-S02K5_P5 of SAGE RTU CPU 3414 includes a mitigation for these vulnerabilities and is available for download here:\r\nhttps://www.sage-rtu.com/downloads.html\r\nReboot of SAGE RTU is required after firmware upgrade.\r\nThis mitigation disables the ISaGRAF listening TCP ports by default and provides an additional network service checkbox to allow customers to enable the ISaGRAF ETCP task, which will open the TCP listening ports to connect with ISaGRAF workbench when needed, and to disable the TCP listening ports when ISaGRAF Workbench development, debugging, and downloading tasks are complete.\r\nThese vulnerabilities can only be exploited when users reopen the listening ports and connect with ISaGRAF workbench. These vulnerabilities only apply when a non-secure network is being used to perform development tasks in non-runtime applications. It is our recommendation to mitigate these vulnerabilities by performing all ISaGRAF workbench tasks on a secure network or on a private network when connecting to the device.\r\nOR\r\nIf firmware is not upgraded to C3414-500-S02K5_P5, but customers are running firmware version C3414-500-S02K2 or above, then they should immediately apply the following mitigations to reduce the risk of exploit:\r\nIf ISaGRAF is configured and in use, the built-in firewall can be used to disable ISaGRAF port 1131 and 1113 when the debugger is not in use. Use the following commands in the Firewall configuration to disable external access to ISaGRAF:\r\nBlock in proto tcp from any to any port = 1131\r\nBlock in proto tcp from any to any port = 1113\r\nIf ISaGRAF is NOT configured and in use, the ISaGRAF port is by default not enabled and does not start automatically, therefore there is no impact of these vulnerabilities, and no further action is required by customers.",
"product_ids": [
"6"
],
"restart_required": {
"category": "system"
},
"url": "https://www.sage-rtu.com/downloads.html"
},
{
"category": "no_fix_planned",
"details": "SAGE RTU CPU\u2019s C3413 and C3412 have reached their end of life and are no longer supported. Customers should immediately upgrade to the latest CPU C3414 and apply C3414-500-S02K5_P5 or later firmware which can be downloaded here:\r\nhttps://www.sage-rtu.com/downloads.html\r\nReboot of SAGE RTU is required after firmware upgrade.\r\nThis mitigation disables the ISaGRAF listening TCP ports by default and provides an additional network service checkbox to allow customers to enable the ISaGRAF ETCP task, which will open the TCP listening ports to connect with ISaGRAF workbench when needed, and to disable the TCP listening ports when ISaGRAF Workbench development, debugging, and downloading tasks are complete.\r\nThese vulnerabilities can only be exploited when users reopen the listening ports and connect with ISaGRAF workbench. These vulnerabilities only apply when a non-secure network is being used to perform development tasks in non-runtime applications. It is our recommendation to mitigate these vulnerabilies by performing all ISaGRAF workbench tasks on a secure network or on a private network when connecting to the device.",
"product_ids": [
"7",
"8"
],
"restart_required": {
"category": "system"
},
"url": "https://www.sage-rtu.com/downloads.html"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"6",
"7",
"8"
]
}
],
"title": "CVE-2022-2464"
},
{
"cve": "CVE-2022-2465",
"notes": [
{
"category": "description",
"text": "ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in ISaGRAF Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.\r\nNote: The CVSS score provided above is calculated in the context of SAGE RTU.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2"
],
"known_affected": [
"6",
"7",
"8"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Version C3414-500-S02K5_P5 of SAGE RTU CPU 3414 includes a mitigation for these vulnerabilities and is available for download here:\r\nhttps://www.sage-rtu.com/downloads.html\r\nReboot of SAGE RTU is required after firmware upgrade.\r\nThis mitigation disables the ISaGRAF listening TCP ports by default and provides an additional network service checkbox to allow customers to enable the ISaGRAF ETCP task, which will open the TCP listening ports to connect with ISaGRAF workbench when needed, and to disable the TCP listening ports when ISaGRAF Workbench development, debugging, and downloading tasks are complete.\r\nThese vulnerabilities can only be exploited when users reopen the listening ports and connect with ISaGRAF workbench. These vulnerabilities only apply when a non-secure network is being used to perform development tasks in non-runtime applications. It is our recommendation to mitigate these vulnerabilities by performing all ISaGRAF workbench tasks on a secure network or on a private network when connecting to the device.\r\nOR\r\nIf firmware is not upgraded to C3414-500-S02K5_P5, but customers are running firmware version C3414-500-S02K2 or above, then they should immediately apply the following mitigations to reduce the risk of exploit:\r\nIf ISaGRAF is configured and in use, the built-in firewall can be used to disable ISaGRAF port 1131 and 1113 when the debugger is not in use. Use the following commands in the Firewall configuration to disable external access to ISaGRAF:\r\nBlock in proto tcp from any to any port = 1131\r\nBlock in proto tcp from any to any port = 1113\r\nIf ISaGRAF is NOT configured and in use, the ISaGRAF port is by default not enabled and does not start automatically, therefore there is no impact of these vulnerabilities, and no further action is required by customers.",
"product_ids": [
"6"
],
"restart_required": {
"category": "system"
},
"url": "https://www.sage-rtu.com/downloads.html"
},
{
"category": "no_fix_planned",
"details": "SAGE RTU CPU\u2019s C3413 and C3412 have reached their end of life and are no longer supported. Customers should immediately upgrade to the latest CPU C3414 and apply C3414-500-S02K5_P5 or later firmware which can be downloaded here:\r\nhttps://www.sage-rtu.com/downloads.html\r\nReboot of SAGE RTU is required after firmware upgrade.\r\nThis mitigation disables the ISaGRAF listening TCP ports by default and provides an additional network service checkbox to allow customers to enable the ISaGRAF ETCP task, which will open the TCP listening ports to connect with ISaGRAF workbench when needed, and to disable the TCP listening ports when ISaGRAF Workbench development, debugging, and downloading tasks are complete.\r\nThese vulnerabilities can only be exploited when users reopen the listening ports and connect with ISaGRAF workbench. These vulnerabilities only apply when a non-secure network is being used to perform development tasks in non-runtime applications. It is our recommendation to mitigate these vulnerabilies by performing all ISaGRAF workbench tasks on a secure network or on a private network when connecting to the device.",
"product_ids": [
"7",
"8"
],
"restart_required": {
"category": "system"
},
"url": "https://www.sage-rtu.com/downloads.html"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"6",
"7",
"8"
]
}
],
"title": "CVE-2022-2465"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…