There’s a remotely exploitable directory traversal vulnerability in more than 20 individual products from Schneider Electric that can enable an attacker to gain control of an affected machine. The flaw allows attackers to bypass the authentication mechanism on the server and get access to resources that should be protected.
Security researcher Billy Rios, a frequent finder of vulnerabilities in ICS and SCADA software, discovered the vulnerabilities in SchneiderWEB, the human-machine interface implemented in many of the company’s products. An advisory from ICS-CERT warns that the vulnerability is trivially exploitable.
“This vulnerability allows an attacker to bypass the basic authentication on the web server, which would allow unauthenticated administrative access and control over the device,” the advisory says.
“Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.”
The vulnerable SchneiderWEB component is in 22 of the company’s products, and Schneider Electric said that the affected products are deployed in a variety of sectors, including communications, manufacturing, energy, water and others. The company has released an updated firmware version for vulnerable products that fixes the bug.
“These vulnerabilities were discovered during cyber security research both by an external researcher and by Schneider Electric internal investigations. We have no evidence that these vulnerabilities have been exploited,” the Schneider Electric advisory says.