Today the DHS ICS-CERT published a control system security advisory for a credential management vulnerability in the Schneider Electric Wonderware Intelligence application. This is a self-reported vulnerability. Schneider has produced a new version that mitigates the vulnerability.
ICS-CERT reports that a relatively low skilled attacker could remotely exploit the vulnerability to escalate its privilege to an administrator and take control over the host machine where Tableau Server is installed.
According to the Schneider security bulletin, the problem is with the third-party program Tableau Server. Schneider provides a link to the Tableau security bulletin. That bulletin notes that: “The Tableau Server installation process leaves an account enabled that can allow an unauthorized remote attacker to gain access and perform administrative functions. This vulnerability does not affect installations that are configured to use Active Directory authentication.”
There is no indication in this ICS-CERT advisory that the Tableau Server is (or is not) used by any other ICS vendor.