Thursday, March 28, 2024

Red Team Research Discovered 6 new zero-day Vulnerabilities in Schneider Electric StruxureWare

“A zero-day vulnerability is a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix the flaw. It has the potential to be exploited by cybercriminals” – Norton.

A team was setup by TIM’s Cybersecurity to detect the vulnerabilities that a potential attacker could exploit to carry out particular attacks on TIM’s infrastructure and highlight the real impacts found out.

The activity was targeted at not just known vulnerabilities, but also at zero-day vulnerabilities (vulnerabilities not known publicly)

Any zero day vulnerabilities found would be discreetly communicated to the manufacturer of the software to analyse and fix/patch the bug within 90 days

Schneider Electric, a European MNC which provides energy and automation solutions for efficiency and sustainability was the recent beneficiary of a few of the findings of this team.

The 6 vulnerabilities which are found are addressed below:

CVE-2020-7569

Vulnerability Description:  Unrestricted Upload of File with Dangerous Type
Software Version: VAM:  Schneider Electric StruxureWare Building Operation WebReports versions 1.0 – 3.1.
CVSv3: 4.6
Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution.

CVE-2020-7572 

Vulnerability Description: Improper Restriction of XML External Entity Reference
Software Version: Schneider Electric StruxureWare Building Operation WebReports versions 1.9 – 3.1.
CVSv36.7A remote user, authenticated to Building Operation WebReports, is able to inject arbitrary XML code containing a reference to an external entity via a crafted HTTP request into the server-side XML parser without being sanitized. By exploiting this vulnerability, an attacker can access the contents of a file on the system potentially containing sensitive data, other restricted web resources via server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts like a denial of service.

CVE-2020-28209

Vulnerability Description: Windows Unquoted Search Path
Software Version: Schneider Electric StruxureWare Building Operation Enterprise Server Installer versions 1.0 – 3.1 and Enterprise Central Installer versions 2.0 – 3.1.
CVSv32.0Any local Windows user who has to write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central are always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location.

CVE-2020-7570

Vulnerability Description: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting Stored)
Software Version: Schneider Electric StruxureWare Building Operation WebReports versions 1.9 – 3.1.
CVSv36.4
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users.

CVE-2020-7571

Vulnerability Description: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting Reflected)
Software Version: Schneider Electric StruxureWare Building Operation WebReports versions 1.9 – 3.1.
CVSv3: 6.1
Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users.

CVE-2020-7573

Vulnerability Description: Improper Access Control
Software Version: Schneider Electric StruxureWare Building Operation WebReports versions 1.9 – 3.1.
CVSv35.0
A remote non-authenticated attacker is able to access a restricted web resource due to improper access control.

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles