Schneider Electric IGSS SCADA Software (ICSA-20-084-02) – Product Used in the Energy Sector

CISA has published an advisory on path traversal and missing authentication for critical function vulnerabilities in Schneider Electric IGSS SCADA software. Versions 14 and prior using the service IGSSupdate are affected. Successful exploitation of these vulnerabilities could result in unauthorized access to sensitive data and functions. Schneider Electric has provided IGSS14 Version 14.0.0.20009 to address these vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.