MSX Configurator
Monitor · 5.6 · SEVD-2020-014-01 · Jan 14, 2020
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary
Schneider Electric MSX Configurator contains an improper input handling vulnerability (CWE-427) in versions prior to 1.0.8.1. An authenticated local user with valid credentials can trigger this vulnerability through the user interface, potentially escalating privileges or causing application denial of service.
What this means
What could happen
An authenticated local user could manipulate the MSX Configurator software to achieve elevated privileges or cause the application to crash, potentially disrupting configuration management of Schneider Electric devices in energy infrastructure.
Who's at risk
Energy sector organizations using MSX Configurator for device configuration and management. This affects IT and control system engineers who use the software to configure and maintain Schneider Electric devices in power generation, distribution, and grid management systems.
How it could be exploited
An attacker with local access and valid user credentials to a workstation running MSX Configurator could trigger improper input handling (CWE-427) through the user interface, escalating privileges or causing a denial of service condition without requiring administrative rights.
Prerequisites
- Local access to a workstation running MSX Configurator
- Valid non-administrative user credentials on the workstation
- User interaction required (must click or interact with malicious input)
requires local access · requires valid credentials · user interaction needed · affects configuration tools
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
MSX Configurator software prior to V1.0.8.1 | <1.0.8.1 | 1.0.8.1
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update MSX Configurator to version 1.0.8.1 or later
CVEs (1)