SchneiderWEB Server Directory Traversal Fixed

Friday, October 3, 2014 @ 02:10 PM gHale

Schneider Electric created a firmware update that mitigates a directory traversal vulnerability in its web HMI, SchneiderWEB, according to a report on ICS-CERT.

Independent researcher Billy Rios, who discovered the issue, tested the update to validate that it resolves the remotely exploitable vulnerability.


There are 22 affected products containing 66 affected part numbers. Please download Schneider Electric Security Notification SEVD-14-260-01 for the affected product details.

This vulnerability allows an attacker to bypass the basic authentication on the web server, which would allow unauthenticated administrative access and control over the device.

Schneider Electric corporate headquarters is in Paris, France, and maintains offices in 190 countries worldwide.

The Schneider-Electric PLC products see use in a wide variety of automation and control applications across all industrial, infrastructure, and building sectors. The SchneiderWEB product sees action across several sectors including communications, critical manufacturing, energy, and water and wastewater systems. Schneider Electric estimates these products see use in applications worldwide.

Using directory traversals, an attacker can bypass the basic authentication mechanism in the web server and gain unauthorized access to protected resources. Exploiting this vulnerability requires network access to the target device over TCP/IP, in particular HTTP.

CVE-2014-0754 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.

While no known public exploits specifically target the hole, an attacker with low skill would be able to exploit this vulnerability.

To download the vulnerability disclosure, search downloads for SEVD-14-260-01, then use the keyword SEVD-14-260-01. The same site also provides the firmware updates identified in the vulnerability disclosure.

Schneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices:
• Use a deep packet inspection firewall to prevent HTTP requests to the product that contain traversals in the URL.
• Disable Port 80 (HTTP) on modules where it is possible.
• Block Port 80 in firewalls to these devices, except for trusted devices.
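
To illustrate the first mitigation, the following Python example (added here, not code from Schneider Electric or ICS-CERT) shows the kind of URL check a filtering proxy or inspection rule applies before a request reaches the device: decode the path until it is stable, then reject any ".." segment. The request lines, paths, function names and decode limit are constructed assumptions, not details of the affected products.

```python
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: layers of percent-encoding to unwrap

def normalize_path(target):
    """Return (decoded path, fully_decoded) for an HTTP request target."""
    path = target.split("?", 1)[0]        # only the path is inspected here
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Some servers accept "\" as a separator, so compare on "/" only.
    path = path.replace("\\", "/")
    return path, unquote(path) == path

def has_traversal(target):
    """True if the path climbs directories or hides behind extra encoding."""
    path, fully_decoded = normalize_path(target)
    if not fully_decoded:
        return True                       # still encoded: fail closed
    return any(segment == ".." for segment in path.split("/"))

def verdict(request_line):
    """Decide 'allow' or 'block' for one HTTP request line."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return "block"                    # malformed request line
    return "block" if has_traversal(parts[1]) else "allow"

# Constructed request lines for illustration only.
SAMPLE_REQUESTS = [
    "GET /index.htm HTTP/1.1",                         # normal page
    "GET /docs/../index.htm HTTP/1.1",                 # literal traversal
    "GET /docs/%2e%2e/index.htm HTTP/1.1",             # percent-encoded
    "GET /docs/%252e%252e%252findex.htm HTTP/1.1",     # double-encoded
    "GET /docs\\..\\index.htm HTTP/1.1",               # backslash separators
    "GET /files/report..v2.htm HTTP/1.1",              # dots inside a name
    "GET /docs/%2525252e%2525252e/index.htm HTTP/1.1", # deeper than the limit
]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(verdict(line), line)
```

Matching on whole path segments after decoding avoids the two usual failures of a plain substring rule: missing encoded variants and blocking legitimate file names that merely contain two dots.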
