SoSafe Configurable

Monitor | CVSS 6.5 | SEVD-2021-194-03 | Jul 13, 2021
Schneider Electric | Energy
Attack path
Attack Vector: Local
Auth Required: None
Complexity: High
User Interaction: Required
Summary

SoSafe Configurable prior to version 1.8.1 contains an unsafe deserialization vulnerability that could allow an attacker to execute arbitrary code on an engineering workstation through a malicious project file. The product is used to configure Preventa safety controllers.

What this means
What could happen
An attacker could execute arbitrary code on an engineering workstation if a user opens a malicious SoSafe Configurable project file, potentially compromising the safety controller configuration and the ability to safely manage Preventa safety systems.
Who's at risk
Energy sector organizations using SoSafe Configurable for engineering and maintenance of Preventa safety controllers should prioritize this patch. Anyone responsible for configuring or managing safety controller projects is at risk if they open untrusted or compromised project files.
How it could be exploited
An attacker creates a malicious SoSafe Configurable project file and tricks a user into opening it on an engineering workstation. When opened, the file triggers unsafe deserialization (CWE-502) that executes arbitrary code with the privileges of the user running the application.
Prerequisites
  • User with access to SoSafe Configurable application must open a malicious project file
  • SoSafe Configurable version prior to 1.8.1 must be installed on the workstation
Tags: local user interaction required; can compromise engineering workstation; affects safety controller configuration
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (1)
Product: SoSafe Configurable prior to V1.8.1
Affected Versions: <1.8.1
Fix Status: 1.8.1
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SoSafe Configurable to version 1.8.1 or later