Multiple vulnerabilities have been detected in Schneider Electric’s EcoStruxure Operator Terminal Expert. These vulnerabilities could potentially allow unauthorized access to accounts or remote code execution.
The SQL injection vulnerability CVE-2020-7493 is the most dangerous, with a score of 8.6 on the CVSS v3 scale. To exploit it, a threat actor needs to make a user open a malicious project file.
Another type of injection, argument injection (CVE-2020-7496), requires a remote hacker to trick a user into opening a specially crafted project file. The hacker then gains unauthorized write access to the target system.
In addition, three path traversal vulnerabilities (CVE-2020-7494, CVE-2020-7495 and CVE-2020-7497) were discovered in the solution. To exploit CVE-2020-7494 and CVE-2020-7495, threat actors need to make users visit a malicious web page or open a malicious file. The CVE-2020-7497 vulnerability can lead to arbitrary application execution when the computer starts.
Schneider Electric recommends installing the EcoStruxure Operator Terminal Expert Version 3.1 Service Pack 1A to mitigate these vulnerabilities.