{ "document": { "acknowledgments": [ { "organization": "Schneider Electric", "summary": "self-reporting this vulnerability" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "summary", "text": "Schneider Electric self-reported this vulnerability.", "title": "Summary" }, { "category": "other", "text": "No known public exploits specifically target this vulnerability.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "CISAservicedesk@cisa.dhs.gov", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "ICS Advisory ICSA-17-066-01 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-066-01.json" }, { "category": "self", "summary": "ICS Advisory ICSA-17-066-01 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-066-01" } ], "title": "ICSA-17-066-01_Schneider Electric Wonderware Intelligence", "tracking": { "current_release_date": "2017-03-07T00:00:00.000000Z", "generator": { "engine": { "name": "CISA USCert CSAF Generator", "version": "1" } }, "id": "ICSA-17-066-01", "initial_release_date": "2017-03-07T00:00:00.000000Z", "revision_history": [ { "date": "2017-03-07T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-17-066-01 Schneider Electric Wonderware Intelligence " } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": ">= 7.0 | <= 10.1.3 and Wonderware Intelligence <= 2014R3 ", "product": { "name": "Tableau Server/Desktop: Versions 7.0 to 10.1.3 included in Wonderware Intelligence Versions 2014R3 and prior", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "Tableau Server/Desktop" } ], "category": "vendor", "name": "Schneider Electric Software, LLC" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-5178", "cwe": { "id": "CWE-1392", "name": "Use of Default Credentials" }, "notes": [ { "category": "summary", "text": "Tableau Server is embedded within the Schneider Electric Wonderware Intelligence software and contains a system account that is installed by default. The default system account is difficult to modify to use non-default credentials after installation and changing the default credentials in the embedded Tableau Server is not documented. As such, Schneider Electric has released a new software version that removes the default system account in the embedded Tableau Server.If Tableau Server is used with Windows integrated security (Active Directory), the software is not vulnerable. However, when Tableau Server is used with local authentication mode, the software is vulnerable. The default system account could be used to gain unauthorized access.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "mitigation", "details": "Schneider Electric has released a new software version to address the identified vulnerability and recommends that users using affected versions apply Tableau Server Version 10.1.4. In addition, the Analytics Client (Tableau Desktop OEM) should also be upgraded to Version 10.1.4. Upgrading to Intelligence Server 2014 R3 is also recommended.", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "The Schneider Electric customers using Wonderware Intelligence can login at the following support sites to download the Tableau patches:", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Tableau Analytics Dashboard Server v10.1.4", "product_ids": [ "CSAFPID-0001" ], "url": "https://gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22386" }, { "category": "mitigation", "details": "Tableau Analytics Client v10.1.4", "product_ids": [ "CSAFPID-0001" ], "url": "https://gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22385" }, { "category": "mitigation", "details": "Wonderware Intelligence 2014 R3", "product_ids": [ "CSAFPID-0001" ], "url": "https://gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22288" }, { "category": "mitigation", "details": "Schneider Electric has issued Security Bulletin LFSEC00000119, which contains additional information:", "product_ids": [ "CSAFPID-0001" ], "url": "http://software.schneider-electric.com/support/cyber-security-updates/" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2017-5178" } ] }