Schneider Electric StruxureWare Building Operation Automation Server msh bypass

Added: 03/14/2016
CVE: CVE-2016-2278

Background

The Schneider Electric StruxureWare Building Operation software suite provides integrated monitoring, control, and management of energy, HVAC, lighting and fire safety. The Automation Server is a building automation system for small and medium-sized buildings.

Problem

A vulnerability in the Automation Server product allows remote, authenticated users to bypass the **msh** (minimal shell) restrictions and execute arbitrary operating system commands. This vulnerability can be exploited using the default admin account if the password has not been changed.

Resolution

See SEVD-2016-025-01 for fix information.

References

<https://ics-cert.us-cert.gov/advisories/ICSA-16-061-01&gt;
<https://www.exploit-db.com/exploits/39522/&gt;

Limitations

Exploit works on Automation Server 1.7 and earlier if the default admin password has not been changed.

Platforms

Linux