Rewterz

November 17, 2023

Rewterz Threat Advisory – ICS: Multiple Schneider Electric Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-5984 CVSS:7.2

Schneider Electric PowerLogic ION8650 and ION8800 could allow a remote authenticated attacker to bypass security restrictions, because code is downloaded without an integrity check. By using a specially crafted file, an attacker could exploit this vulnerability to start a firmware update procedure.

CVE-2023-5985 CVSS:4.8

Schneider Electric PowerLogic ION8650 and ION8800 are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-5986 CVSS:8.2

Schneider Electric EcoStruxure products could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.

CVE-2023-5987 CVSS:6.1

Schneider Electric EcoStruxure products are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-6032 CVSS:5.3

Schneider Electric Galaxy VS and VL could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests by the Network Management Card. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to perform file system enumeration and file download.
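For detection coverage of the “dot dot” requests described for CVE-2023-6032, the following added example (not part of the advisory and not Schneider Electric code) scans web access logs for request paths that contain a `..` segment after percent-decoding. It assumes traffic to the Network Management Card passes through a proxy or web server writing Common Log Format lines; the sample lines, addresses and paths are constructed placeholders.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Common Log Format; addresses and paths are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [17/Nov/2023:10:01:02 +0000] "GET /status/index.html HTTP/1.1" 200 512
192.0.2.44 - - [17/Nov/2023:10:01:09 +0000] "GET /files/../../placeholder.cfg HTTP/1.1" 200 2048
192.0.2.44 - - [17/Nov/2023:10:01:11 +0000] "GET /files/%2e%2e/%2e%2e/placeholder.cfg HTTP/1.1" 404 0
192.0.2.10 - - [17/Nov/2023:10:02:00 +0000] "GET /docs/release..notes.txt HTTP/1.1" 200 900
"""

# client, method, request target and status from one Common Log Format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def normalize(path, max_rounds=3):
    """Percent-decode repeatedly so nested encodings collapse to plain text."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def has_dot_dot_segment(target):
    """True when the request path holds a whole '..' segment (not 'a..b')."""
    path = normalize(urlsplit(target).path)
    return any(segment == ".." for segment in path.split("/"))


def find_traversal(log_text):
    """Return one record per logged request whose path contains '..'."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line in the assumed format
        client, _method, target, status = match.groups()
        if has_dot_dot_segment(target):
            # 'served' marks 2xx answers, which deserve triage first
            hits.append({"client": client, "target": target,
                         "status": int(status), "served": status.startswith("2")})
    return hits


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

Only the path component is checked here; query strings and request bodies would need their own handling.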

Impact

  • Security Bypass
  • Cross-Site Scripting
  • Gain Access
  • Information Theft

Indicators Of Compromise

CVE

  • CVE-2023-5984
  • CVE-2023-5985
  • CVE-2023-5986
  • CVE-2023-5987
  • CVE-2023-6032

Affected Vendors

Schneider Electric

Affected Products

  • Schneider Electric PowerLogic ION8800
  • Schneider Electric PowerLogic ION8650
  • Schneider Electric EcoStruxure Power Monitoring Expert 2020
  • Schneider Electric EcoStruxure Power Monitoring Expert 2021
  • Schneider Electric EcoStruxure Power Operation (EPO) Advanced Reporting and Dashboards Module 2020
  • Schneider Electric EcoStruxure Power Operation (EPO) Advanced Reporting and Dashboards Module 2021
  • Schneider Electric EcoStruxure Power SCADA Operation (PSO) Advanced Reporting and Dashboards Module 2020
  • Schneider Electric Galaxy VS 6.82
  • Schneider Electric Galaxy VL 12.21

Remediation

Refer to Schneider Electric Security Advisory for patch, upgrade or suggested workaround information.

  • Schneider Electric PowerLogic
  • Schneider Electric EcoStruxure
  • Schneider Electric Galaxy
