Schneider Electric Easergy Studio
Plan Patch · 7.8 · ICS-CERT ICSA-25-023-04 · Oct 8, 2024
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Schneider Electric Easergy Studio contains an improper file permission vulnerability in its installation directory. Versions 9.3.1 and earlier do not properly restrict access to installation files, allowing a local attacker with file system access to escalate privileges and potentially modify control device configurations, access sensitive data, or disrupt system monitoring. The vulnerability affects systems used for configuring and managing Schneider Electric control devices.
What this means
What could happen
An attacker with local file system access to a workstation running Easergy Studio could escalate privileges and gain unauthorized access to the installation directory, potentially allowing manipulation of control device configurations.
Who's at risk
This affects energy utilities and industrial facilities that use Schneider Electric Easergy Studio for configuring and managing control devices such as protection relays, intelligent electronic devices (IEDs), and other networked control equipment. Any organization with engineering workstations running Easergy Studio version 9.3.1 or earlier is at risk if those workstations are not properly secured.
How it could be exploited
An attacker must first gain local file system access to the machine running Easergy Studio (either through compromised credentials, physical access, or another local vulnerability). They then exploit improper permission handling in the installation directory to escalate privileges and modify control device settings or steal configuration data.
Prerequisites
- Local file system access to the computer running Easergy Studio
- User or system-level credentials on the affected workstation
- Easergy Studio versions 9.3.1 or earlier must be installed
Local access required (not remotely exploitable) · Requires user credentials · Low complexity exploit · No patch available at time of advisory (though fix exists as of Dec 2022) · Affects configuration and control of safety-critical devices
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: Easergy Studio
Affected Versions: ≤ 9.3.1
Fix Status: 9.3.4
Remediation & Mitigation
Do now
- HARDENING: Restrict file system access permissions to the Easergy Studio installation directory so only authorized users can read or modify configuration files
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update Easergy Studio to version 9.3.4 or later
Long-term hardening
- HARDENING: Isolate engineering workstations running Easergy Studio from the business network and place behind a firewall
- HARDENING: Implement physical access controls to prevent unauthorized personnel from accessing machines running Easergy Studio
- HARDENING: Never connect Easergy Studio to any network other than the network intended for that control system
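One way to verify the "Do now" hardening item, as an added example that is not part of the advisory or any Schneider Electric tooling: a PowerShell audit that lists allow-type ACL entries granting write-class rights under the installation directory to principals outside a small trusted set. The `$InstallDir` default is a placeholder (the advisory does not state the path), and the trusted SID list is an assumption to adjust to site policy.

```powershell
param(
    # Placeholder (assumption): set to the real Easergy Studio installation directory.
    [string]$InstallDir = 'C:\PLACEHOLDER\EasergyStudio'
)

# Write-class rights: anything that lets a principal change, replace, delete,
# or re-permission files. Read/execute bits are deliberately excluded.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# ACEs may also carry raw generic bits: GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000).
$mask = $writeMask -bor 0x40000000 -bor 0x10000000

# Principals expected to hold write access (assumption; adjust per site policy).
# Matched by SID so the check works on localized Windows installs.
$trusted = @(
    'S-1-5-18',      # Local System
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Audit the directory itself and everything beneath it.
$items = @(Get-Item -LiteralPath $InstallDir -Force) +
         @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if ($trusted -contains $sid) { continue }
        if (([int]$rule.FileSystemRights -band $mask) -eq 0) { continue }
        # Resolve the SID to a name for the report; keep the SID if it cannot be resolved.
        try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid }
        [pscustomobject]@{
            Path      = $item.FullName
            Principal = $name
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

if ($findings) {
    $findings | Sort-Object Path, Principal | Format-Table -AutoSize -Wrap
    exit 1   # non-zero exit so a scheduled compliance check can alert
}
Write-Output "No write-class ACL entries for untrusted principals under $InstallDir"
```

Entries reported with `Inherited = True` originate from a parent folder, so the fix belongs on that parent or requires disabling inheritance on the installation directory.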
CVEs (1)