1. EXECUTIVE SUMMARY
- CVSS v4 8.5
- ATTENTION: Low attack complexity
- Vendor: Schneider Electric
- Equipment: EcoStruxure
- Vulnerability: Uncontrolled Search Path Element
2. RISK EVALUATION
Successful exploitation of this vulnerability allows for local privilege escalation, which could lead to the execution of a malicious Dynamic-Link Library (DLL).
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Schneider Electric EcoStruxure products and versions, which incorporate Revenera FlexNet Publisher, are affected:
- EcoStruxure Control Expert: Versions prior to V16.1
- EcoStruxure Process Expert: All versions
- EcoStruxure OPC UA Server Expert: All versions
- EcoStruxure Control Expert Asset Link: Versions prior to V4.0 SP1
- EcoStruxure Machine SCADA Expert Asset Link: All versions
- EcoStruxure Architecture Builder: Versions prior to V7.0.18
- EcoStruxure Operator Terminal Expert: All versions
- Vijeo Designer: Versions prior to V6.3SP1 HF1
- EcoStruxure Machine Expert including EcoStruxure Machine Expert Safety: All versions
- EcoStruxure Machine Expert Twin: All versions
- Zelio Soft 2: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 Uncontrolled Search Path Element CWE-427
A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges.
CVE-2024-2658 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is ([…]
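As a defensive check for the condition described in 3.2.1, the following PowerShell sketch (an added example, not code from the advisory or the vendor) finds the nearest existing ancestor of a directory a service expects and lists the non-administrative principals whose ACL entries allow creating files or folders there. The function name `Test-SearchPathDirectory` and the path passed to it are placeholders, since the advisory does not state the actual directory. It lists matching Allow entries only and does not evaluate Deny entries or group membership.

```powershell
# Added example, not vendor code. The advisory does not give the directory
# path, so the value passed at the bottom is a placeholder to replace.
function Test-SearchPathDirectory {
    param([Parameter(Mandatory)][string]$ConfigDir)

    # SIDs treated as already privileged: SYSTEM, Administrators, TrustedInstaller.
    $trusted = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    # CreateFiles/WriteData (0x2), CreateDirectories/AppendData (0x4),
    # GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
    $createMask = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000

    # Walk up to the nearest ancestor that exists; its ACL decides who can
    # create the missing part of the path.
    $anchor = $ConfigDir
    while ($anchor -and -not (Test-Path -LiteralPath $anchor -PathType Container)) {
        $anchor = Split-Path -Path $anchor -Parent
    }
    if (-not $anchor) { throw "No existing ancestor found for $ConfigDir" }

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $rules = (Get-Acl -LiteralPath $anchor).GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules) {
        # Skip Deny entries and entries that apply only to children.
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($rule.PropagationFlags.HasFlag($inheritOnly)) { continue }
        if ((([int]$rule.FileSystemRights) -band $createMask) -eq 0) { continue }
        $sid = $rule.IdentityReference.Value
        if ($trusted -contains $sid) { continue }
        [pscustomobject]@{
            Requested = $ConfigDir
            Exists    = ($anchor -eq $ConfigDir)
            CheckedAt = $anchor
            Sid       = $sid
            Rights    = $rule.FileSystemRights
        }
    }
}

# Placeholder path: substitute the directory named in the vendor notice.
Test-SearchPathDirectory -ConfigDir 'C:\PLACEHOLDER\path\from\vendor\notice'
```

Any row returned with `Exists` set to false means a principal outside the trusted list can create the missing directory, which is the precondition the advisory describes.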