Schneider Electric Struxureware Building Operations Improper Access Control (CVE-2016-2278)

Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh aka Minimal Shell protection mechanism. This plugin only works with Tenable.ot. Please...

ICS, SCADA Security Woes Linger On

A handful of worrisome vulnerabilities in Honeywell building automation system software disclosed last week are case in point of how far the industry continues to lag in securing SCADA and industrial control systems. Honeywell published in September new firmware that patches vulnerabilities...

CVE-2016-2278

Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh aka Minimal Shell protection mechanism...

Input validation

Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh aka Minimal Shell protection mechanism...

CVE-2016-2278

Affected product: Schneider Electric StruxureWare Building Operation Automation Server (AS 1.7 and earlier; AS-P 1.7 and earlier). Root cause: improper bypass of the msh minimal-shell protection allows remote authenticated administrators to execute arbitrary OS commands. Impact: remote command ex...