28 May 2020

Multiple vulnerabilities in EcoStruxure Operator Terminal Expert

Multiple vulnerabilities have been detected in Schneider Electric’s EcoStruxure Operator Terminal Expert. These vulnerabilities could potentially allow unauthorized access to accounts or remote code execution.

The CVE-2020-7493 SQL injection vulnerability is the most dangerous and has been assigned a score of 8.6 on the CVSS v3 scale. To exploit it, a threat actor needs to get a user to open a malicious project file.

Another type of injection, argument injection (CVE-2020-7496), can be exploited by a remote attacker who tricks a user into opening a specially crafted project file. The attacker then gains unauthorized write access to the target system.

In addition, three path traversal vulnerabilities (CVE-2020-7494, CVE-2020-7495 and CVE-2020-7497) were discovered in the solution. To exploit CVE-2020-7494 and CVE-2020-7495, threat actors need to make users visit a malicious web page or open a malicious file. The CVE-2020-7497 vulnerability can lead to arbitrary application execution when the computer starts.

Schneider Electric recommends installing the EcoStruxure Operator Terminal Expert Version 3.1 Service Pack 1A to mitigate these vulnerabilities.

Source: ICS-CERT