Schneider Electric C-Bus Toolkit

Act Now8.8ICS-CERT ICSA-21-105-01Apr 15, 2021

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric C-Bus Toolkit versions 1.15.7 and prior contain improper access control (CWE-269) and path traversal (CWE-22) vulnerabilities that may allow remote code execution. CVSS 8.8.

What this means

What could happen

An attacker with workstation access could execute arbitrary code on the engineering machine, potentially allowing them to modify control system configurations, alter setpoints, or disrupt building operations. The compromise could cascade to any control systems managed by that workstation.

Who's at risk

Energy sector operators using Schneider Electric C-Bus Toolkit for building/energy management and automation on engineering workstations. Anyone who deploys this toolkit for HVAC, lighting, or control system configuration should treat this as critical.

How it could be exploited

An attacker with network access to a workstation running C-Bus Toolkit (or a path to compromise that workstation, such as via phishing or lateral movement) could exploit the improper access control and path traversal flaws to run commands as the toolkit application. From there, they could reconfigure connected building controls or export configuration files for further attack planning.

Prerequisites

Network access to the workstation running C-Bus Toolkit, or ability to compromise the workstation via phishing or malware
C-Bus Toolkit version 1.15.7 or earlier installed
The toolkit must be in use or accessible to the attacker

remotely exploitablehigh CVSS score (8.8)high EPSS score (13.6%)no patch availableaffects building/energy control systems

Exploitability

High exploit probability (EPSS 13.6%)

Affected products (1)

ProductAffected VersionsFix Status

C-Bus Toolkit: v1.15.7 and prior≤ 1.15.7No fix (EOL)

Remediation & Mitigation

0/6

Do now

0/4

WORKAROUNDImplement network allow-list rules to restrict access to the C-Bus Toolkit application to only authorized workstations and networks

HARDENINGEnable the Windows Firewall on all engineering workstations running C-Bus Toolkit

HARDENINGDeploy and maintain antivirus software on all workstations running C-Bus Toolkit

HARDENINGRestrict physical and remote access to workstations running C-Bus Toolkit to authorized personnel only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade C-Bus Toolkit to a version newer than 1.15.7 when available from Schneider Electric

Mitigations - no patch available

0/1

C-Bus Toolkit: v1.15.7 and prior has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGIsolate the engineering workstation network running C-Bus Toolkit from the business network using a firewall or network segmentation

CVEs (5)

CVE-2021-22716 CVE-2021-22717 CVE-2021-22718 CVE-2021-22719 CVE-2021-22720

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d7af913e-2c53-45bb-a615-c779db32f26a