Conext™ Gateway / InsightHome and InsightFacility
Priority: Plan Patch
CVSS score: 7.2
Advisory: SEVD-2023-101-02
Published: Apr 11, 2023
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
Schneider Electric Conext™ Gateway, InsightHome, and InsightFacility products contain an improper input validation vulnerability that could allow authenticated users to execute arbitrary code. The affected products are edge devices that connect solar and storage systems to the Insight monitoring application. An authenticated user could exploit this to insert a backdoor into the application or extract private certificates used for cloud communication.
What this means
What could happen
An authenticated attacker could run arbitrary commands on the solar/storage gateway, potentially disrupting monitoring, disabling inverters, or stealing credentials for cloud services that manage multiple residential or commercial systems.
Who's at risk
Residential and commercial solar installation companies and energy service providers who deploy InsightHome or InsightFacility gateways to monitor distributed solar and battery storage systems. Also affects any remaining users of the legacy Conext™ Gateway product (discontinued 2019 but still supported). Facilities managers and installers at commercial buildings with solar/storage systems are directly impacted.
How it could be exploited
An attacker with valid credentials (an installer or technician account) could submit specially crafted input through the web UI or API to bypass input validation, leading to remote code execution on the gateway device. Once on the device, the attacker could install a persistent backdoor or extract the private certificates and keys the gateway uses to authenticate to the Insight cloud service.
Prerequisites
- Valid InsightHome/InsightFacility/Conext Gateway user account (installer or technician role)
- Network access to the gateway's web interface (port 443/HTTPS or local network access)
- The gateway must be online and reachable
- Requires valid credentials, but the accounts that hold them (installer and technician) are exactly the ones shared across field staff and contractors
- Remotely exploitable over HTTPS
- Can lead to persistent backdoor access that survives the session
- Not known to be reachable without authentication: the advisory rates privileges required as High, so do not assume an unauthenticated path exists
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product: InsightHome / InsightFacility / Conext™ Gateway (discontinued in 2019)
Affected versions: 1.16 Build 004 and earlier
Fix status: 1.17 Build 079 or later
Remediation & Mitigation
Do now
- HARDENING: Restrict administrative and installer account access to trusted personnel; audit user accounts and disable unused technician credentials.
- HARDENING: Implement network-level access controls to limit who can reach the gateway's management interface; use firewall rules or a VPN to restrict administration to known IP ranges.
Schedule (requires a maintenance window)
Patching may require a device reboot; plan for process interruption.
- HOTFIX: Update Conext™ Gateway, InsightHome, and InsightFacility to firmware version 1.17 Build 079 or later.
- HOTFIX: Plan the firmware update during a maintenance window; the update requires a gateway reboot and will temporarily interrupt monitoring and control of connected solar/storage systems.
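As an added triage example (not code from this page or from Schneider Electric): the script below parses firmware strings in the "1.16 Build 004" form the advisory uses, flags anything older than 1.17 Build 079 as affected, and checks a constructed gateway inventory against a hypothetical allowlist of management networks, which is the combined check the HARDENING and HOTFIX items above ask for. The inventory fields, the allowlist networks, and the device names are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

# Fixed release from the advisory. Anything that compares lower is affected
# (the advisory lists 1.16 Build 004 and earlier).
FIXED_VERSION = (1, 17, 79)

# Matches the "<major>.<minor> Build <nnn>" form the advisory uses; the build
# number is optional so that a bare "1.16" still parses (treated as build 0).
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\s*Build\s*(\d+))?\s*$", re.IGNORECASE)


def parse_firmware(version: str) -> tuple[int, int, int]:
    """Turn '1.16 Build 004' into (1, 16, 4) so versions compare as tuples."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    major, minor, build = m.groups()
    return (int(major), int(minor), int(build or 0))


def is_affected(version: str) -> bool:
    """True when the firmware predates the fixed release 1.17 Build 079."""
    return parse_firmware(version) < FIXED_VERSION


# Hypothetical management allowlist: the jump-host subnet and the installer VPN pool.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24"), ipaddress.ip_network("192.168.50.0/24")]


@dataclass
class Gateway:
    name: str
    firmware: str
    # Source networks the current firewall lets reach the HTTPS management UI
    # (hypothetical inventory field; in practice pulled from the firewall config).
    reachable_from: list[str]


def exposure_findings(gw: Gateway) -> list[str]:
    """List every permitted source network that is not inside ADMIN_NETS."""
    findings = []
    for src in gw.reachable_from:
        net = ipaddress.ip_network(src, strict=False)
        if not any(net.subnet_of(allowed) for allowed in ADMIN_NETS):
            findings.append(f"management UI reachable from {src}, outside the admin allowlist")
    return findings


def triage(gateways: list[Gateway]) -> dict[str, list[str]]:
    """Map each gateway to the actions it needs; an empty list means nothing to do."""
    report = {}
    for gw in gateways:
        actions = []
        if is_affected(gw.firmware):
            actions.append(f"update from {gw.firmware} to 1.17 Build 079 or later (requires reboot)")
        actions.extend(exposure_findings(gw))
        report[gw.name] = actions
    return report


# Constructed sample inventory; none of these are real devices or addresses.
SAMPLE_INVENTORY = [
    Gateway("site-a-insighthome", "1.16 Build 004", ["10.20.0.0/24"]),
    Gateway("site-b-insightfacility", "1.17 Build 079", ["0.0.0.0/0"]),
    Gateway("site-c-conext-gateway", "1.15 Build 002", ["192.168.50.0/24", "203.0.113.0/24"]),
]

if __name__ == "__main__":
    for name, actions in triage(SAMPLE_INVENTORY).items():
        print(name, "->", actions or ["ok"])
```

The version comparison is done on integer tuples rather than on the raw strings so that "1.17 Build 079" sorts after "1.17 Build 078" and a two-digit minor never sorts below a one-digit one; the exposure check treats any permitted source network that is not fully contained in the allowlist as a finding, which is what catches an "allow from anywhere" rule such as 0.0.0.0/0.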
CVEs (1)
API:
/api/v1/advisories/49e12eb8-8a48-449c-8eaf-7cb2bd86ffa6