OTPulse
FeedAboutContact

Schneider Electric Easergy Studio

Plan Patch7.8ICS-CERT ICSA-24-011-05Jan 11, 2024
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

Easergy Studio versions prior to 9.3.6 contain an unsafe deserialization vulnerability (CWE-502) that could allow an attacker with local access to a workstation to execute arbitrary code with the privileges of the logged-in user. Successful exploitation would give full control of the engineering workstation, potentially enabling modification of power system settings or engineering files.

What this means
What could happen
An attacker with local access to an Easergy Studio workstation could execute arbitrary code and gain full control of that machine, potentially allowing them to modify or delete engineering files, alter power system configurations, or disrupt energy management operations.
Who's at risk
Energy utilities and power system operators who use Schneider Electric Easergy Studio for power system engineering, configuration, and management. This primarily affects engineering and control center staff who rely on this workstation software to manage energy distribution systems and power equipment.
How it could be exploited
An attacker must first gain local access to a workstation running Easergy Studio (through physical access, compromised user account, or lateral movement from a compromised system). They can then exploit a deserialization vulnerability to execute arbitrary code with the privileges of the user running the application, achieving full workstation compromise.
Prerequisites
  • Local access to the workstation running Easergy Studio
  • User privileges (attacker must be logged in or able to trigger the vulnerable code path)
  • Easergy Studio version prior to 9.3.6
Affects engineering workstations used to configure critical infrastructureLocal access required but can follow from network compromise or insider threatFull workstation control allows modification of engineering configurationsNo public exploit available yet
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
Easergy Studio: <v9.3.5<v9.3.59.3.6
Remediation & Mitigation
0/4
Do now
0/1
HARDENINGRestrict local access to workstations running Easergy Studio through access controls and monitoring
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Easergy Studio to version 9.3.6 or later via Schneider Electric Software Update (SESU)
HARDENINGImplement proper backups and test patches in a development or offline environment before applying to production engineering systems
Long-term hardening
0/1
HARDENINGIsolate engineering workstations running Easergy Studio from the business network and restrict lateral movement from compromised systems
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/d2f78b0b-5ad1-48e5-bf66-5df67b59047e
Schneider Electric Easergy Studio | CVSS 7.8 - OTPulse