Schneider Electric StruxureWare Building Expert Plaintext Credentials Vulnerability
Low RiskICS-CERT ICSA-15-167-01Mar 19, 2015
Summary
StruxureWare Building Expert MPM stores authentication credentials in plaintext in configuration files and databases. An attacker with access to the application files or database can read these credentials and use them to gain unauthorized access to the building automation system and manipulate critical control parameters. This vulnerability affects version 2.15 and earlier.
What this means
What could happen
Credentials stored in plaintext in StruxureWare Building Expert MPM can be read by anyone with access to the application configuration or database, allowing attackers to impersonate legitimate users and gain unauthorized control of building automation systems.
Who's at risk
Energy sector operators managing building automation and climate control systems using StruxureWare Building Expert MPM (version 2.15 and earlier) are affected. This includes facilities relying on this software to manage HVAC, lighting, and other critical building systems.
How it could be exploited
An attacker with local or network access to the StruxureWare Building Expert system can read plaintext credentials from configuration files or the application database. These credentials can then be used to authenticate to the building automation system and modify critical setpoints, disable alarms, or shut down HVAC and control systems.
Prerequisites
- Local or network access to the StruxureWare Building Expert server or application files
- Ability to read configuration files or access the application database
- No privilege escalation required if files are world-readable
No authentication required to access plaintext credentialsNo patch available from vendorAffects building automation and critical facilities systemsDefault or easily guessable credentials likely in use
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
ProductAffected VersionsFix Status
StruxureWare Building Expert MPM: <2.15.<2.15.No fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2HARDENINGRestrict file and database access permissions on StruxureWare Building Expert servers to authorized administrators only
HARDENINGDisable local access to StruxureWare Building Expert servers except for essential administrative personnel
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HARDENINGMonitor configuration and database files for unauthorized access attempts
Long-term hardening
0/1HOTFIXPlan migration to a newer version of StruxureWare Building Expert that encrypts credentials in transit and at rest
Mitigations - no patch available
0/1StruxureWare Building Expert MPM: <2.15. has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGSegregate StruxureWare Building Expert systems from general IT networks using a dedicated VLAN or air-gapped network segment
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/a1a39490-b3cc-4d87-8e59-25f9803c7031