ClearSCADA

As part of Schneider Electric's continual push forward to improve the security of control systems we are pleased to announce that from the release of ClearSCADA 2015 R2 onwards file hashes for the ClearSCADA files will be available from the Support Team. These hashes can be used to assist in the verification that the files installed onto a system match the files at their build time and alongside the file certificate (available via the file's properties in Windows Explorer) could be used to help identify any unexpected changes in the file, as well as assisting with defining whitelisting rules.

The hashes are available for the following file types:

  • Hashes for the Schneider Electric files installed as part of the ClearSCADA installation procedure, both x86 and x64 versions
    • Includes executable files compiled by Schneider Electric, e.g. .exe, .dll and .wpf files
    • Includes third party components such as 7z.dll located within the ClearSCADA Program Files directory
    • Excludes the files installed by the prerequisites components such as Microsoft Runtimes and Crystal Reports Runtimes which are installed to their own folders
  • Hashes for the prerequisite installers
  • Hash for the ISO file

The following hash methods are available:

ClearSCADA 2015 R2 and ClearSCADA 2017 MD5 and SHA1
ClearSCADA 2017 R2 onwards SHA256

Hash Generation

The hashes for ClearSCADA and third party components are generated within the ClearSCADA build environment during the compiled and installer generatation, reducing the risk of external interference.

  • On 64-bit operating systems, the files under the "x64 Release" section are installed to "Program Files\Schneider Electric\ClearSCADA", and the files under the "Win32 Release" section are installed to the "Program Files (x86)\Schneider Electric\ClearSCADA" folder
  • On 32-bit operating systems, the files under "Win32 Release" are installed to "Program Files\Schneider Electric\ClearSCADA", the x64 files are not installed
Not all files will appear in the Program Files directories, the installed files will depend on your installation options

Using the Hash Information

Hashes of the downloaded ClearSCADA application files can be generated by users and compared against the hashes provided by Schneider Electric to assist verifying that the files have not been tampered with.

Examples of suitable tools that can be used include:

Tool/Command Comment
Get-ChildItem -Recurse | Get-FileHash -Algorithm [hash method] | Format-List Uses PowerShell, supports MD5, SHA1 and SHA256
certutil -hashfile [filename] [hash method] Uses Command Prompt or PowerShell, supports MD5, SHA1 and SHA256
Microsoft File Checksum Integrity Verifier tool Unsupported tool, MD5 and SHA1 only, download from https://www.microsoft.com/en-au/download/details.aspx?id=11533

Downloading the Hashes

The hashes for a specific ClearSCADA released version (from 2015 R2 onward) can be provided to users by creating a request via the Support Team.