Use of hard-coded credentials in SoMachine

1) Use of hard-coded credentials

EUVDB-ID: #VU39268

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-7574

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SoMachine: 1.4

CPE2.3

• cpe:2.3:a:schneider_electric:somachine:1.4:*:*:*:*:*:*:*

External links

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-01
https://www.securityfocus.com/bid/97518
https://os-s.net/advisories/OSS-2017-02.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.