Conext™ Advisor & Conext™ Control V2

Act NowCVSS 10SEVD-2021-285-05Oct 12, 2021

Schneider ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric Conext Advisor 2 (Cloud and Gateway) and Conext Control V2 Gateway contain multiple Windows vulnerabilities that could allow remote code execution. The Conext Advisor 2 is a web-based management portal for solar power plants; the Control V2 is a solar plant monitoring solution. An attacker who exploits these vulnerabilities could execute arbitrary code with system privileges, potentially altering plant operations, monitoring data, or control settings. No patch is currently available from Schneider Electric for these products; the vulnerability must be addressed through Windows operating system patching and network isolation.

What this means

What could happen

An attacker could execute arbitrary code on the Conext Advisor 2 or Control V2 gateway, potentially altering solar plant monitoring data, disabling plant controls, or installing malicious software that persists on the system.

Who's at risk

Solar power plant operators and engineers using Conext Advisor 2 (cloud portal and gateway) or Conext Control V2 Gateway for monitoring and managing solar installations. This affects energy sector operations, particularly distributed solar assets and plant control systems.

How it could be exploited

The vulnerability exists in the underlying Windows operating system on these devices. An attacker with network access to the web portal or gateway could send a specially crafted request that exploits a Windows vulnerability to run arbitrary commands with system-level privileges.

Prerequisites

Network access to the Conext Advisor 2 Cloud web portal or the Conext Control V2 Gateway
No authentication required

remotely exploitableno authentication requiredlow complexityactively exploited (KEV)high EPSS score (94.4%)no patch available from Schneider Electricaffects control systems

Exploitability

Actively exploited — confirmed by CISA KEV

Metasploit module available — weaponized exploitView module ↗

Public Proof-of-Concept (PoC) on GitHub (10 repositories)

Affected products (3)

3 pending

ProductAffected VersionsFix Status

Conext™ Advisor 2 Cloud 2.02 and below≤ 2.02No fix yet

Conext™ Advisor 2 Gateway 1.28.45 and below≤ 1.28.45No fix yet

Conext™ Control V2 Gateway 2.6 and below≤ 2.6No fix yet

Remediation & Mitigation

0/2

Do now

0/2

HOTFIXUpdate the Windows 10 operating system on all Conext Advisor 2 and Conext Control V2 gateway systems to the latest version available from Microsoft. A system reboot is required after patching.

HARDENINGIsolate Conext Advisor 2 Cloud portals and Conext Control V2 gateways on a protected network segment with restricted inbound access from trusted engineering workstations only. Implement firewall rules to deny direct internet access to these systems.

CVEs (11)

CVE-2019-11135 CVE-2020-0601 CVE-2020-0609 CVE-2020-0610 CVE-2020-0796 CVE-2020-0938 CVE-2020-1020 CVE-2020-1350 CVE-2020-1472 CVE-2019-0803 CVE-2019-1040

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/74cef0e2-7c1b-47f3-93cf-b943cd30b9ed

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.