OTPulse

SoSafe Configurable

Monitor · 6.5 · SEVD-2021-194-03 · Jul 13, 2021
Attack Vector: Local
Auth Required: None
Complexity: High
User Interaction: Required
Summary

SoSafe Configurable prior to version 1.8.1 contains an unsafe deserialization vulnerability that could allow an attacker to execute arbitrary code on an engineering workstation through a malicious project file. The product is used to configure Preventa safety controllers.

What this means
What could happen
An attacker could execute arbitrary code on an engineering workstation if a user opens a malicious SoSafe Configurable project file, potentially compromising the safety controller configuration and the ability to safely manage Preventa safety systems.
Who's at risk
Energy sector organizations using SoSafe Configurable for engineering and maintenance of Preventa safety controllers should prioritize this patch. Anyone responsible for configuring or managing safety controller projects is at risk if they open untrusted or compromised project files.
How it could be exploited
An attacker creates a malicious SoSafe Configurable project file and tricks a user into opening it on an engineering workstation. When opened, the file triggers unsafe deserialization (CWE-502) that executes arbitrary code with the privileges of the user running the application.
Prerequisites
  • A user with access to the SoSafe Configurable application must open a malicious project file
  • A SoSafe Configurable version prior to 1.8.1 must be installed on the workstation
Tags: local user interaction required · can compromise engineering workstation · affects safety controller configuration
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product                               | Affected Versions | Fix Status
SoSafe Configurable prior to V1.8.1   | <1.8.1            | 1.8.1
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Hotfix: Update SoSafe Configurable to version 1.8.1 or later