OTPulse

EcoStruxure Power Commission

Plan Patch
CVSS 7.8
SEVD-2022-347-03
Dec 13, 2022
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

EcoStruxure Power Commission contains vulnerabilities related to insufficient access controls (CWE-285) that could allow unauthorized access to the application and disclosure of sensitive configuration information used for electrical switchboard and power system commissioning. The software is used to configure, test, and commission electrical products within switchboards. Failure to patch may result in loss of data integrity and confidentiality of electrical system configurations.

What this means
What could happen
An attacker with local access to an EcoStruxure Power Commission workstation could gain unauthorized access to the application and disclose sensitive configuration data, potentially revealing critical settings for electrical switchboards and power systems.
Who's at risk
Electrical utility and switchboard manufacturers and commissioning teams who use EcoStruxure Power Commission to configure and test medium-voltage and low-voltage switchboards and electrical distribution systems.
How it could be exploited
An attacker with local user account access to a machine running EcoStruxure Power Commission could exploit insufficient access controls to bypass authentication mechanisms or escalate privileges within the application, gaining unauthorized access to confidential configuration and commissioning data stored locally or in connected systems.
Prerequisites
  • Local user account on workstation running EcoStruxure Power Commission
  • EcoStruxure Power Commission version below 2.26 installed
local access required · low CVSS vector (local attack only) · affects commissioning and configuration tools
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
EcoStruxure Power Commission | <2.25 | 2.26
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade EcoStruxure Power Commission to version 2.26 or later
EcoStruxure Power Commission | CVSS 7.8 - OTPulse