OTPulse

Harmony® eXLhoist

Monitor · CVSS 6.5 · SEVD-2020-224-06 · Aug 11, 2020
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Schneider Electric Harmony eXLhoist base stations are vulnerable to the SweynTooth Bluetooth Low Energy (BLE) vulnerability. An attacker within BLE radio range can send malformed packets to crash or freeze the base station, preventing remote control and monitoring of the hoist system. The vulnerability affects base station firmware version 04.00.02.00 and earlier. No user interaction or authentication is required to trigger the vulnerability.

What this means
What could happen
A remote attacker within Bluetooth range of the eXLhoist base station could crash or freeze the device, disrupting remote control and monitoring of the hoist system and potentially leaving loads uncontrolled.
Who's at risk
Energy utilities and industrial facilities using Schneider Electric Harmony eXLhoist systems for remote load handling and material movement operations. This affects any site where wireless hoist control is relied upon for daily operations.
How it could be exploited
An attacker within Bluetooth Low Energy (BLE) radio range (typically 50-100 meters) sends specially crafted BLE packets to the eXLhoist base station. The SweynTooth vulnerability allows these packets to trigger a denial-of-service condition without any authentication or user interaction, rendering the base station unresponsive.
Prerequisites
  • Attacker within Bluetooth Low Energy radio range of the eXLhoist base station (approximately 50-100 meters)
  • No authentication credentials required
  • Base station running affected firmware version 04.00.02.00 or earlier
  • Remotely exploitable via Bluetooth Low Energy
  • No authentication required
  • Low complexity attack
  • Denial of service impact on critical lifting equipment
  • Generic BLE flaw affecting multiple Bluetooth devices
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product: Harmony® eXLhoist base stations V04.00.02.00 and prior
Affected Versions: ≤ 04.00.02.00
Fix Status: 04.00.03.00
Remediation & Mitigation
Do now
WORKAROUND: Consider operating the hoist in manual or hardwired control mode if possible during the maintenance window for the firmware update.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Harmony eXLhoist base station firmware to version 04.00.03.00 or later.
Long-term hardening
HARDENING: Restrict physical access to areas where the eXLhoist base station operates to limit Bluetooth exposure to authorized personnel only.