CVE-2017-5155 Schneider Electric CVE debrief

Who should care

Administrators and operators of Schneider Electric Wonderware Historian deployments, especially OT/ICS teams, Windows and database administrators, and asset owners responsible for affected Historian servers or connected resources.

Technical summary

The issue is a default-password condition in accounts created by Wonderware Historian. The NVD record maps the affected scope to Wonderware Historian 2014 R2 SP1 P01 and earlier. Because the CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, the exposure is treated as remotely reachable without prior authentication. The practical risk is unauthorized access to Historian databases and, depending on the installation, adjacent resources.

Defensive priority

High

Recommended defensive actions

• Follow the Schneider Electric vendor bulletin and ICS-CERT advisory for the product-specific remediation path.
• Replace any default passwords on Historian-created logins with unique, strong credentials.
• Audit Historian accounts, database permissions, and related service credentials for unexpected or shared defaults.
• Restrict network access to Historian and its database components to trusted administrative and OT management segments.
• Review logs and access history for signs of unauthorized database or resource access.
• Apply vendor-recommended updates or compensating controls for affected versions before returning the system to normal trust.

Evidence notes

Source corpus evidence comes from the official NVD record, which states the issue is that Wonderware Historian creates logins with default passwords and identifies affected versions as 2014 R2 SP1 P01 and earlier. The same record provides the CVSS 3.0 vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L and lists the vulnerable CPE for Schneider Electric Wonderware Historian. The supplied enrichment marks this CVE as not in CISA KEV.

Official resources