Multiple vulnerabilities in Schneider Electric EcoStruxure Building Operation



Published: 2021-03-08
Risk Medium
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2020-7569
CVE-2020-7570
CVE-2020-7571
CVE-2020-7572
CVE-2020-7573
CVE-2020-28209
CVE-2020-28210
CWE-ID CWE-434
CWE-79
CWE-611
CWE-284
CWE-428
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
EcoStruxure Building Operation WebReports
Server applications / Other server solutions

EcoStruxure Building Operation Enterprise Server installer
Server applications / Other server solutions

EcoStruxure Building Operation Enterprise Central installer
Server applications / Other server solutions

EcoStruxure Building Operation WebStation
Server applications / Other server solutions

Vendor Schneider Electric

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Arbitrary file upload

EUVDB-ID: #VU51253

Risk: Medium

CVSSv3.1: 4 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7569

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload. A remote authenticated attacker can upload a malicious file and execute it on the server.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

EcoStruxure Building Operation WebReports: 1.9 - 3.1

External links

http://www.se.com/ww/en/download/document/SEVD-2020-315-04/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stored cross-site scripting

EUVDB-ID: #VU51254

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7570

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

EcoStruxure Building Operation WebReports: 1.9 - 3.1

External links

http://www.se.com/ww/en/download/document/SEVD-2020-315-04/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Cross-site scripting

EUVDB-ID: #VU51255

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7571

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

EcoStruxure Building Operation WebReports: 1.9 - 3.1

External links

http://www.se.com/ww/en/download/document/SEVD-2020-315-04/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) XML External Entity injection

EUVDB-ID: #VU51256

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7572

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied XML input. A remote authenticated attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

EcoStruxure Building Operation WebReports: 1.9 - 3.1

External links

http://www.se.com/ww/en/download/document/SEVD-2020-315-04/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper access control

EUVDB-ID: #VU51257

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7573

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can access to restricted web resources.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

EcoStruxure Building Operation WebReports: 1.9 - 3.1

External links

http://www.se.com/ww/en/download/document/SEVD-2020-315-04/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Unquoted Search Path or Element

EUVDB-ID: #VU51258

Risk: Low

CVSSv3.1: 1.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-28209

CWE-ID: CWE-428 - Unquoted Search Path or Element

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to an unquoted search path issue. A local administrator can gain the privilege of the user who started the service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

EcoStruxure Building Operation Enterprise Server installer: 1.9 - 3.1

EcoStruxure Building Operation Enterprise Central installer: 2.0 - 3.1

External links

http://www.se.com/ww/en/download/document/SEVD-2020-315-04/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Cross-site scripting

EUVDB-ID: #VU51259

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-28210

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability..

Vulnerable software versions

EcoStruxure Building Operation WebStation: 2.0 - 3.1

External links

http://www.se.com/ww/en/download/document/SEVD-2020-315-04/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###