Security Notification: WSP and CGF vulnerabilities fixed in v15

Thanks to the independent researches Michael Heinzl and the researcher Kimiya working with Trend Micro’s Zero Day initiative the IGSS team has become aware of security issues concerning import of Workspace files (WSP) And Configuration Group Files (CGF) to the IGSS Definition module in IGSS V15.0.0.21041 and prior versions.

An update has been released to fix the issues in IGSS version 15.
Make sure to update the IGSS software either by downloading the latest version by running IGSS Update from the IGSS Master module or install the latest update from our download section.

If you choose not to apply the remediation provided, then please apply the following mitigations to reduce the risk of an exploit:
Avoid importing WSP and CGF files from untrusted sources.

More details about can be found in the official security notification released on Schneider Electric Global – Cybersecurity Notifications.

classified, background, blog