OTPulse
FeedAboutContact

EcoStruxure™ Cybersecurity Admin Expert

Plan Patch8SEVD-2022-165-08Jun 14, 2022
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

EcoStruxure™ Cybersecurity Admin Expert versions 2.2 and earlier contain credential validation and certificate verification flaws (CWE-290, CWE-295). These vulnerabilities allow man-in-the-middle and device spoofing attacks that could lead to unauthorized configuration changes or compromise of OT devices managed by the CAE tool. Version 2.4 includes fixes for these issues.

What this means
What could happen
An attacker could intercept communication between the CAE management tool and network devices or spoof device identities, potentially allowing unauthorized changes to electrical network configuration and control systems.
Who's at risk
Electrical utilities and energy companies that use Schneider Electric's EcoStruxure™ Cybersecurity Admin Expert to manage OT network security. Affects anyone running version 2.2 or earlier of this centralized cybersecurity management tool for electrical grids and substations.
How it could be exploited
An attacker positioned on the local network segment (AV:A) could perform a man-in-the-middle attack against the CAE management interface or spoof legitimate devices. The attacker would need user interaction (clicking a malicious link or accepting a spoofed connection), but once successful could gain full control over CAE-managed devices without requiring valid credentials.
Prerequisites
  • Network access to the same segment as the CAE management tool or managed devices
  • User interaction to accept or open a spoofed/intercepted connection
  • No credentials required if device spoofing is successful
remotely exploitable via networklow complexityaffects management and control systemsrequires user interaction
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
EcoStruxure™ Cybersecurity Admin Expert (CAE) <=2.2≤ 2.22.4
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade EcoStruxure™ Cybersecurity Admin Expert to version 2.4 or later
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/71522a9b-99e4-4e50-8381-cf8eed97ada1
EcoStruxure™ Cybersecurity Admin Expert | CVSS 8 - OTPulse