In Schneider Electric Industrial Products Identifed Hazardous Vulnerabilities: How to Mitigate?

Schneider Electric
Written by Brendan Smith

Five dangerous vulnerabilities were discovered in the Schneider Electric Floating License Manager and Schneider Electric Interactive Graphical SCADA System (IGSS) products.

The successful operation of these bugs can lead to a denial of service or the ability to execute arbitrary code, or bypassing the license for legal use of the product.

Floating License Manager is part of many popular Schneider Electric products used in critical industries. Four vulnerabilities (CVE-2018-20031, CVE-2018-20032, CVE-2018-20033 and CVE-2018-20034) were found in the software (version and earlier), providing the ability to disable the vendor daemon.

The manufacturer has already released a revised version of the application

The degree vulnerabilities’ danger CVE-2018-20031, CVE-2018-20032 and CVE-2018-20034 is estimated at 7.5 points on the CVSS v3 scale, and CVE-2018-200339.8 points.

A vulnerability has been discovered in the IGSS dispatch control system (CVE-2019-6827) that can cause software crashes or code execution.

The bug can be exploited when the application processes a specially crafted project file. Vulnerability affects versions 14 and earlier.

Revised versions and are already available on the manufacturer’s website. The system is used for monitoring in a variety of industries, transport management systems, shipbuilding, building management systems.


  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Brendan Smith

I'm Brendan Smith, a passionate journalist, researcher, and web content developer. With a keen interest in computer technology and security, I specialize in delivering high-quality content that educates and empowers readers in navigating the digital landscape.

With a focus on computer technology and security, I am committed to sharing my knowledge and insights to help individuals and organizations protect themselves in the digital age. My expertise in cybersecurity principles, data privacy, and best practices allows me to provide practical tips and advice that readers can implement to enhance their online security.

Leave a Reply