Friday, October 4, 2024
HomeCVE/vulnerabilityRed Team Research Discovered 6 new zero-day Vulnerabilities in Schneider Electric StruxureWare

Red Team Research Discovered 6 new zero-day Vulnerabilities in Schneider Electric StruxureWare

Published on

“A zero-day vulnerability is a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix the flaw. It has the potential to be exploited by cybercriminals” – Norton.

A team was setup by TIM’s Cybersecurity to detect the vulnerabilities that a potential attacker could exploit to carry out particular attacks on TIM’s infrastructure and highlight the real impacts found out.

The activity was targeted at not just known vulnerabilities, but also at zero-day vulnerabilities (vulnerabilities not known publicly)

- Advertisement - EHA

Any zero day vulnerabilities found would be discreetly communicated to the manufacturer of the software to analyse and fix/patch the bug within 90 days

Schneider Electric, a European MNC which provides energy and automation solutions for efficiency and sustainability was the recent beneficiary of a few of the findings of this team.

The 6 vulnerabilities which are found are addressed below:

CVE-2020-7569

Vulnerability Description:  Unrestricted Upload of File with Dangerous Type
Software Version: VAM:  Schneider Electric StruxureWare Building Operation WebReports versions 1.0 – 3.1.
CVSv3: 4.6
Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution.

CVE-2020-7572 

Vulnerability Description: Improper Restriction of XML External Entity Reference
Software Version: Schneider Electric StruxureWare Building Operation WebReports versions 1.9 – 3.1.
CVSv36.7A remote user, authenticated to Building Operation WebReports, is able to inject arbitrary XML code containing a reference to an external entity via a crafted HTTP request into the server-side XML parser without being sanitized. By exploiting this vulnerability, an attacker can access the contents of a file on the system potentially containing sensitive data, other restricted web resources via server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts like a denial of service.

CVE-2020-28209

Vulnerability Description: Windows Unquoted Search Path
Software Version: Schneider Electric StruxureWare Building Operation Enterprise Server Installer versions 1.0 – 3.1 and Enterprise Central Installer versions 2.0 – 3.1.
CVSv32.0Any local Windows user who has to write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central are always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location.

CVE-2020-7570

Vulnerability Description: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting Stored)
Software Version: Schneider Electric StruxureWare Building Operation WebReports versions 1.9 – 3.1.
CVSv36.4
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users.

CVE-2020-7571

Vulnerability Description: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting Reflected)
Software Version: Schneider Electric StruxureWare Building Operation WebReports versions 1.9 – 3.1.
CVSv3: 6.1
Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users.

CVE-2020-7573

Vulnerability Description: Improper Access Control
Software Version: Schneider Electric StruxureWare Building Operation WebReports versions 1.9 – 3.1.
CVSv35.0
A remote non-authenticated attacker is able to access a restricted web resource due to improper access control.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...