EcoStruxure™ Panel Server Box (PAS900)

Plan PatchCVSS 7.3SEVD-2022-284-02Oct 11, 2022

Schneider ElectricEnergy

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric EcoStruxure™ Panel Server Box (PAS900) contains a buffer overflow or heap descriptor overwrite vulnerability in versions before 3.1.18. The PAS900 is a cloud-connected gateway supporting Modbus TCP/RTU for industrial control communications. A local attacker with a low-privilege user account on the device could trigger a buffer overflow through a specially crafted input, leading to arbitrary code execution or denial of service. This affects the gateway's ability to route and manage communications between energy management systems and field devices.

What this means

What could happen

A local attacker with limited user privileges could overwrite memory on the PAS900 gateway, potentially gaining control to manipulate Modbus TCP/RTU communications between your SCADA/energy management systems and connected devices, or force the device to stop operating.

Who's at risk

Energy utilities and critical infrastructure operators using Schneider EcoStruxure™ Panel Server Box (PAS900) as a cloud-connected gateway for Modbus TCP/RTU communications in SCADA and industrial control networks. The risk is highest in facilities where the PAS900 has direct physical access from untrusted users or shared administrative accounts.

How it could be exploited

An attacker with a low-privilege local user account on the PAS900 device can send a specially crafted input that overflows a memory buffer or overwrites the heap descriptor, leading to arbitrary code execution or denial of service. The attacker would need console or SSH access to the gateway itself.

Prerequisites

Local access to the PAS900 device (SSH or console login)
A user account with limited privileges on the device
No network-based exploitation possible; attacker must reach the device locally

Requires local access (not remotely exploitable over network)Requires valid local user account (low privilege accepted)Low EPSS score (0.3% exploit probability)Affects critical energy infrastructure gatewayBuffer overflow / memory corruptionCould result in arbitrary code execution or denial of service

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (1)

ProductAffected VersionsFix Status

EcoStruxure™ Panel Server Box (PAS900) <3.1.16<3.1.163.1.18

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict local SSH and console access to the PAS900 to authorized personnel only; implement strong authentication and access controls

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EcoStruxure™ Panel Server Box (PAS900) firmware to version 3.1.18 or later via the EMOP cloud platform or local web interface

Long-term hardening

0/1

HARDENINGMonitor the PAS900 for unusual process behavior or unexpected firmware modifications

CVEs (2)

CVE-2022-30790 CVE-2022-30552

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/02f73a59-ccd0-4809-938d-2e0ed9a0b438

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.