SAINT:DCF369B854B4C7DF140B1E824A9CB5E1 (SAINT Corporation)
Mar 14, 2016 - 12:00 a.m.

Schneider Electric StruxureWare Building Operation Automation Server msh bypass

2016-03-14 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 9
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3: 7.2
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.022
Percentile: 89.4%

Added: 03/14/2016
CVE: CVE-2016-2278

Background

The Schneider Electric StruxureWare Building Operation software suite provides integrated monitoring, control, and management of energy, HVAC, lighting and fire safety. The Automation Server is a building automation system for small and medium-sized buildings.

Problem

A vulnerability in the Automation Server product allows remote, authenticated users to bypass the **msh** (minimal shell) restrictions and execute arbitrary operating system commands. This vulnerability can be exploited using the default admin account if the password has not been changed.

Resolution

See SEVD-2016-025-01 for fix information.

References

<https://ics-cert.us-cert.gov/advisories/ICSA-16-061-01>
<https://www.exploit-db.com/exploits/39522/>

Limitations

Exploit works on Automation Server 1.7 and earlier if the default admin password has not been changed.

Platforms

Linux
