Rewterz Threat Advisory – ICS: Schneider Electric Vulnerabilities

February 11, 2022

Severity

High

Analysis Summary

CVE-2022-22807

Schneider Electric EcoStruxure EV Charging Expert could allow a remote attacker to bypass security restrictions, caused by improper restriction of rendered UI layers or frames. By deceiving a victim using the web interface rendered within iframes, an attacker could exploit this vulnerability to cause modifications of the product settings.

CVE-2021-22817

Schneider Electric Harmony/Magelis iPC Series HMI, Vijeo Designer and Vijeo Designer Basic could allow a local attacker to gain elevated privileges on the system, caused by an incorrect default permissions flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain unauthorized access to the base installation directory to gain elevated privileges.

CVE-2022-22808

Schneider Electric EcoStruxure EV Charging Expert could allow a remote attacker to gain unauthorized access to the system, caused by a permissive cross-domain policy with untrusted domains. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to gain unauthorized access to restricted resources.

CVE-2022-22809

Schneider Electric spaceLYnk, Wiser for KNX, fellerLYnk could allow a remote attacker to bypass security restrictions, caused by missing authentication for a critical function. By sending a specially-crafted request, an attacker could exploit this vulnerability to modify the touch configurations.

CVE-2022-22810

Schneider Electric spaceLYnk, Wiser for KNX, fellerLYnk is vulnerable to a brute force attack, caused by improper restriction of excessive authentication attempts by the login service. By using brute force techniques, a remote attacker could exploit this vulnerability to takeover the account of the administrator.

CVE-2022-22811

Schneider Electric spaceLYnk, Wiser for KNX, fellerLYnk is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to change system’s configuration. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2022-22812

Schneider Electric spaceLYnk, Wiser for KNX, and fellerLYnk are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-22813

Easergy P40 contains a default hardcoded TLS cryptographic key. A remote attacker could exploit this vulnerability to take active control of the Courier tunneling communication network, allowing the attacker to observe and manipulate traffic associated with product configuration.

CVE-2022-24318

Schneider EcoStruxure Geo SCADA Expert could allow a remote attacker to bypass security restrictions, caused by inadequate encryption strength vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions to cause non-encrypted communication with the server.

CVE-2022-24319

Schneider EcoStruxure Geo SCADA Expert is vulnerable to a man-in-the-middle attack, caused by improper certificate validation vulnerability. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information.

CVE-2022-24320

Impact

Security Bypass
Privilege Escalation
Unauthorized Access
Information disclosure

Indicators of Compromise

CVEs

CVE-2022-22807
CVE-2021-22817
CVE-2022-22808
CVE-2022-22809
CVE-2022-22810
CVE-2022-22811
CVE-2022-22812
CVE-2022-22813
CVE-2022-24318
CVE-2022-24319
CVE-2022-24320

Affected Vendors

Schneider Electric

Affected Products

Schneider Electric EcoStruxure EV Charging Expert HMIBSCEA53D1EDB
Schneider Electric EcoStruxure EV Charging Expert HMIBSCEA53D1EDS
Schneider Electric EcoStruxure EV Charging Expert HMIBSCEA53D1EDM
Schneider Electric EcoStruxure EV Charging Expert HMIBSCEA53D1EDL
Schneider Electric Harmony/Magelis iPC Series
Schneider Electric Vijeo Designer 6.2 SP11
Schneider Electric Vijeo Designer Basic 1.2.1
Schneider Electric spaceLYnk 2.6.2
Schneider Electric Wiser for KNX 2.6.2 Schneider Electric fellerLYnk 2.6.2
Schneider Electric Easergy P40 PX4X
Schneider Electric EcoStruxure Geo SCADA Expert 2019
Schneider Electric EcoStruxure Geo SCADA Expert 2020
Schneider Electric ClearSCADA

Remediation

Refer to Schneider Electric for patch, upgrade or suggested workaround information.

CVE-2022-22807
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02
CVE-2021-22817
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02
CVE-2022-22808
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02
CVE-2022-22809
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02
CVE-2022-22810
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02
CVE-2022-22811
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04
CVE-2022-22812
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04
CVE-2022-22813
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04
CVE-2022-24318
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05
CVE-2022-24319
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05
CVE-2022-24320

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05