OTPulse

Schneider Electric CNM

MonitorCVSS 7.8ICS-CERT ICSA-21-287-01Oct 12, 2021
Schneider ElectricEnergy
Attack path
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

ConneXium Network Manager (CNM) contains a vulnerability that allows arbitrary command execution when a malicious .cxn project file is loaded. The vulnerability exists because Edit Mode is enabled by default with no password protection, allowing any loaded project to modify the CNM database and execute commands. The vulnerability is not remotely exploitable and requires a user to load a malicious project file into the CNM software on a local workstation. Schneider Electric has not released a patch and recommends users apply the Alarms Disabler Tool to preprocess project files and enable Edit Mode password protection.

What this means
What could happen
An attacker with local access to a workstation running ConneXium Network Manager could execute arbitrary commands on that machine, potentially allowing them to modify control logic, alter network configurations, or disrupt plant operations by manipulating the CNM project files and database.
Who's at risk
Network managers and engineering teams at energy utilities who use Schneider Electric ConneXium Network Manager (CNM) to configure and manage industrial networks and control systems. This affects any organization using CNM for switch configuration, device management, or network administration in electrical generation, transmission, or distribution environments.
How it could be exploited
An attacker must trick a user into opening a malicious .cxn project file on a CNM workstation. When the file is loaded without the Alarms Disabler Tool preprocessing, the attacker's malicious content is executed with the privileges of the CNM application. Since Edit Mode is enabled by default with no password protection, the attacker gains full access to modify control settings and network configurations.
Prerequisites
  • Local access to a workstation running ConneXium Network Manager
  • User must load a malicious .cxn project file into CNM
  • Edit Mode must be enabled (default condition)
  • No Edit Mode password protection must be set (default condition)
Local access required (not remotely exploitable)Requires user interaction (must open malicious file)Default unsafe configuration (Edit Mode enabled, no password)Supply chain risk (malicious files via email or file sharing)Affects network infrastructure and control configuration
Exploitability
Unlikely to be exploited — EPSS score 0.9%
Affected products (2)
2 EOL
ProductAffected VersionsFix Status
ConneXium Network Manager (Ethernet network management software) all versionsAll versionsNo fix (EOL)
ConneXium Network Manager: All versionsAll versionsNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/3
WORKAROUNDDownload and run the CNM Alarms Disabler Tool on all .cxn project files before loading them into CNM, especially those from external or untrusted sources
HARDENINGActivate Edit Mode password protection in CNM by switching to Run mode before exiting the application, and require this password for any changes
HARDENINGEstablish and enforce a policy to only load .cxn project files from trusted internal sources; do not load files from email, web downloads, or third parties without verification
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGRun ConneXium Network Manager sessions with non-administrator user rights unless administrative privileges are specifically required for the current task
Mitigations - no patch available
0/1
The following products have reached End of Life with no planned fix: ConneXium Network Manager (Ethernet network management software) all versions, ConneXium Network Manager: All versions. Apply the following compensating controls:
HARDENINGHarden CNM workstations by applying endpoint protection, network segmentation, and access controls to limit attack surface
View full CISA ICS-CERT advisory
API: /api/v1/advisories/e9e7c49b-116f-4e48-8ebd-773d4c0cac87

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Schneider Electric CNM | CVSS 7.8 - OTPulse