Fr. Sauter AG CASE Suite
Plan: Patch
CVSS: 7.5
Advisory: ICS-CERT ICSA-18-305-04
Date: Nov 1, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Fr. Sauter AG CASE Suite versions 3.10 and earlier contain an XML external entity (XXE) injection vulnerability that allows an attacker to remotely retrieve unauthorized files from the system without authentication or user interaction. The vulnerability is exposed through the application's handling of XML input.
What this means
What could happen
An attacker could remotely download sensitive files from your CASE Suite server, including configuration data, credentials, or project files, without needing valid login credentials. This could expose your building automation logic and system configuration to an attacker.
Who's at risk
Building automation engineers and operators running Fr. Sauter AG CASE Suite for building management systems should prioritize this patch. CASE Suite is commonly used for configuring and managing HVAC, lighting, and access control systems in commercial buildings and facilities. Any organization relying on CASE Suite for operational building control is affected.
How it could be exploited
An attacker sends a malicious XML request to the CASE Suite application over the network (port typically 80 or 443). The XXE vulnerability in the XML parser allows the attacker to define external entities pointing to local files on the server. When the application processes the XML, it reads and returns the contents of arbitrary files accessible to the CASE Suite service account.
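The paragraph above describes the parser-side root cause: an XML parser that honours DOCTYPE declarations and resolves external entities will substitute the contents of a referenced local file into the document. The following added example is not code from the advisory, ICS-CERT or Fr. Sauter AG; it uses only the Python standard library to show (a) a pre-parse screen that flags DTD constructs in incoming XML, the kind of check a reverse proxy or request-log review can apply while the patch is being scheduled, and (b) a parser configured to refuse DOCTYPE, entity declarations and external entity references outright, which is the class of fix a vendor patch for this bug applies. The sample documents and the file path inside them are constructed placeholders, not CASE Suite traffic.

```python
"""Added example (not from the advisory, ICS-CERT, or Fr. Sauter AG): the
XML-parser side of an XXE file-disclosure bug and the defensive parser
configuration that closes it. Standard library only; the sample documents
and file path below are constructed placeholders, not CASE Suite traffic."""
import re
from xml.parsers import expat

# Constructed sample inputs.
BENIGN_XML = "<project><name>HVAC-Floor2</name></project>"
# An input carrying a DOCTYPE with an external entity. A parser that resolves
# external entities would substitute the referenced file's contents for &ext;
# and hand them back in the response; the path is a placeholder.
ENTITY_XML = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE project [<!ENTITY ext SYSTEM "file:///placeholder/path">]>'
    "<project><name>&ext;</name></project>"
)

_DOCTYPE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)
_ENTITY = re.compile(r"<!ENTITY\b", re.IGNORECASE)
_EXTERNAL_ID = re.compile(r"\b(?:SYSTEM|PUBLIC)\s+['\"]", re.IGNORECASE)


def screen_xml_input(xml_text: str) -> list[str]:
    """Pre-parse screen suitable for a proxy rule or request-log review: return
    the reasons an input should be rejected (empty list means nothing
    suspicious). Untrusted XML has no business carrying a DTD at all."""
    findings = []
    if _DOCTYPE.search(xml_text):
        findings.append("DOCTYPE declaration present")
    if _ENTITY.search(xml_text):
        findings.append("ENTITY declaration present")
    if _EXTERNAL_ID.search(xml_text):
        findings.append("external identifier (SYSTEM/PUBLIC) present")
    return findings


def parse_hardened(xml_text: str) -> dict:
    """Parse with expat while refusing any DOCTYPE, entity declaration or
    external entity reference. Raises ValueError on the first such construct,
    before any entity could be resolved. Returns the element names seen and
    the concatenated character data."""
    parser = expat.ParserCreate()
    elements: list[str] = []
    text: list[str] = []

    def reject(*_args):
        raise ValueError("DTD constructs are not accepted from untrusted input")

    # Refuse the DTD outright: disabling DTD processing is the usual fix for
    # XXE, rather than trying to filter individual entity names or URIs.
    parser.StartDoctypeDeclHandler = reject
    parser.EntityDeclHandler = reject
    parser.ExternalEntityRefHandler = reject
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    parser.CharacterDataHandler = text.append

    parser.Parse(xml_text, True)
    return {"elements": elements, "text": "".join(text)}


if __name__ == "__main__":
    print(screen_xml_input(BENIGN_XML), screen_xml_input(ENTITY_XML))
    print(parse_hardened(BENIGN_XML))
    try:
        parse_hardened(ENTITY_XML)
    except ValueError as exc:
        print("rejected:", exc)
```

The screen is deliberately coarse: any DOCTYPE in a request to an application that never expects one is worth logging and blocking, and that coarseness is what makes it cheap enough to run at a network boundary while the service release is rolled out. The parser-side handlers stop parsing at the DOCTYPE itself, so no entity is ever declared, let alone resolved.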
Prerequisites
- Network access to the CASE Suite application port (typically HTTP/HTTPS)
- No valid credentials or authentication required
- The vulnerable CASE Suite application must be network-reachable
Tags: remotely exploitable, no authentication required, low complexity, file disclosure of sensitive data, no public exploit available yet
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product      Affected Versions   Fix Status
CASE Suite   ≤ 3.10              3.10 Service Release 1
Remediation & Mitigation
Do now
WORKAROUND: If you cannot apply the patch immediately, restrict network access to the CASE Suite application to only trusted administrative workstations and engineering networks. Use a firewall to block external access to the CASE Suite port.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Apply Fr. Sauter AG CASE Suite Version 3.10 Service Release 1 or later to all systems running version 3.10 or earlier. Contact your local Fr. Sauter support channel to obtain the service release.
Long-term hardening
HARDENING: Segment your building automation network from your business network. Do not expose the CASE Suite server to the Internet or untrusted networks.
HARDENING: If remote access to CASE Suite is required, use a VPN connection from a trusted, fully patched workstation rather than exposing the application directly.
CVEs (1)