OTPulse

Schneider Electric Conext ComBox

Act NowCVSS 7.5ICS-CERT ICSA-17-061-02Mar 2, 2017
Schneider ElectricEnergy
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Conext ComBox model 865-1058 contains a denial-of-service vulnerability caused by improper input validation (CWE-400). An attacker can send crafted network requests that cause the device to exhaust system resources and become unresponsive, preventing normal operation and communication with the battery energy storage or renewable generation system it controls. The vulnerability is remotely exploitable with no authentication required and affects all firmware versions below 3.03 BN 830. Schneider Electric has determined this product is end-of-life and will not release a security patch.

What this means
What could happen
An attacker can flood the Conext ComBox with network traffic, causing the device to become unresponsive and stop communicating with associated equipment. This could interrupt monitoring and control of the battery energy storage or renewable generation system it manages.
Who's at risk
Energy utilities and facility managers who operate Schneider Electric Conext ComBox controllers for battery energy storage systems, renewable generation, or microgrid applications. This affects the monitoring and control layer for distributed energy resources.
How it could be exploited
An attacker on the network sends a large volume of requests to the Conext ComBox on its management port. The device lacks rate limiting or input validation, causing it to consume all available resources and become unavailable. No authentication or credentials are required.
Prerequisites
  • Network connectivity to the Conext ComBox management interface
  • No authentication required
remotely exploitableno authentication requiredlow complexityhigh EPSS score (20.5%)no patch available
Exploitability
Likely to be exploited — EPSS score 20.5%
Affected products (1)
ProductAffected VersionsFix Status
Conext ComBox model 865-1058: all< 3.03 BN 830No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGRestrict network access to the Conext ComBox management interface using firewall rules; only allow connections from authorized engineering workstations and monitoring systems
HARDENINGImplement rate limiting or connection throttling on network devices upstream of the ComBox to mitigate volumetric denial-of-service attacks
Mitigations - no patch available
0/2
Conext ComBox model 865-1058: all has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGSegment the Conext ComBox onto a dedicated management VLAN separate from general IT network traffic
HARDENINGMonitor ComBox availability and network traffic for signs of attack; alert on sudden loss of connectivity or unusual traffic patterns
View full CISA ICS-CERT advisory
API: /api/v1/advisories/f5ca8ccf-42b4-48ea-9b20-67c9289c41ac

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Schneider Electric Conext ComBox | CVSS 7.5 - OTPulse