OTPulse

SEW-EURODRIVE MOVITOOLS MotionStudio

Monitor · 5.5 · ICS-CERT ICSA-24-016-01 · Jan 16, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

MOVITOOLS MotionStudio 6.5.0.2 contains an XML external entity (XXE) vulnerability in how it handles file operations through the SEWManager.exe application. A user with local access to an affected system can read arbitrary files from the computer without additional authentication, gaining access to project configurations, drive parameters, and other sensitive engineering data. The vulnerability is local-only and not remotely exploitable.

What this means
What could happen
An attacker with local access to a system running MOVITOOLS MotionStudio could read sensitive files and project information without authentication, potentially exposing configuration data for drive systems and motion control applications.
Who's at risk
This affects organizations using SEW-EURODRIVE MOVITOOLS MotionStudio to configure and control variable frequency drives (VFDs) and motion control systems. It primarily impacts electrical equipment manufacturers, water/wastewater treatment plants, food processing, and other facilities that use SEW-EURODRIVE drive systems.
How it could be exploited
An attacker must have local file system access to the computer running MOVITOOLS MotionStudio. The vulnerability allows the SEWManager.exe application to expose file information, which the attacker can access directly from the local system or via a shared network drive if the application folder is accessible.
Prerequisites
- Local user access to the engineering workstation or server running MOVITOOLS MotionStudio
- Application installed on the target system (version 6.5.0.2)
- No special privileges required to read exposed files

- Local access required (reduces exposure but still relevant in multi-user environments)
- No authentication bypass (user must already have system access)
- Sensitive file disclosure (configuration and project data exposure)
- End-of-life product version
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: MOVITOOLS MotionStudio: 6.5.0.2
Affected Versions: 6.5.0.2
Fix Status: 6.70
Remediation & Mitigation
Do now
WORKAROUND: Create a firewall rule blocking outgoing TCP connections from SEWManager.exe to restrict data exposure until the patch is deployed
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update MOVITOOLS MotionStudio to version 6.70 or later when available
HARDENING: Restrict local access to engineering workstations and restrict network sharing of the MOVITOOLS application folder to authorized personnel only
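One way to apply the firewall workaround above with Windows Defender Firewall, as an added example that is not taken from the advisory or from SEW-EURODRIVE. The search roots and the rule group label are assumptions; the advisory does not state where SEWManager.exe is installed, so point `$SearchRoots` at the actual install location.

```powershell
# Added example: block outbound TCP from SEWManager.exe until version 6.70 is installed.
# Run from an elevated PowerShell session on the engineering workstation.

# ASSUMPTION: placeholder search roots; set these to the real MotionStudio install path.
$SearchRoots = @("${env:ProgramFiles(x86)}", "$env:ProgramFiles")
# ASSUMPTION: hypothetical group label, used only to find and remove the rules later.
$RuleGroup = 'ICSA-24-016-01 workaround'

# Locate every copy of the binary so a second installation is not missed.
$binaries = Get-ChildItem -Path $SearchRoots -Filter 'SEWManager.exe' `
    -Recurse -File -ErrorAction SilentlyContinue

if (-not $binaries) {
    Write-Warning 'SEWManager.exe not found; adjust $SearchRoots and run again.'
    return
}

foreach ($bin in $binaries) {
    $name = "Block outbound TCP - $($bin.FullName)"

    # Idempotent: skip binaries that already have a rule from a previous run.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "Rule already present: $name"
        continue
    }

    New-NetFirewallRule -DisplayName $name -Group $RuleGroup `
        -Direction Outbound -Program $bin.FullName -Protocol TCP `
        -Action Block -Profile Any -Enabled True | Out-Null
}

# Verify: list each rule with the program path it is bound to.
Get-NetFirewallRule -Group $RuleGroup | ForEach-Object {
    $app = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Action  = $_.Action
        Program = $app.Program
    }
} | Format-Table -AutoSize

# After updating to 6.70 or later, remove the workaround with:
#   Remove-NetFirewallRule -Group 'ICSA-24-016-01 workaround'
```

If Group Policy disables local firewall rule merging on the workstation, locally created rules are ignored and the same rule has to be deployed through the GPO instead.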