Easergy Builder
Monitor | 6.3 | SEVD-2023-101-06 | Apr 11, 2023
Attack Vector: Local
Auth Required: High
Complexity: High
User Interaction: Required
Summary
Easergy Builder is a configuration tool for Easergy T300, Saitel DR, and Saitel DP devices. A vulnerability exists in the installer that is exploitable only during the installation process. This does not affect existing installations. Failure to use the patched version (1.7.24 or later) when performing new installations may lead to denial of service or arbitrary code execution.
What this means
What could happen
An attacker with local access during Easergy Builder installation could run arbitrary code or cause the installation to fail. This only affects new installations—existing systems are not impacted.
Who's at risk
Engineers and technicians at energy utilities who are installing or reconfiguring Easergy Builder for Easergy T300, Saitel DR, or Saitel DP devices should ensure they use the patched installer version. Existing installations are not at risk.
How it could be exploited
An attacker with local access to the machine running the Easergy Builder installer could exploit a vulnerability during the installation process to execute arbitrary code or cause a denial of service. This requires being present during the installation window when the installer is running.
Prerequisites
- Local access to the machine running Easergy Builder installer
- Ability to interact with the installer during the installation process
- Installation of Easergy Builder version 1.7.23 or earlier
- local access required
- high complexity to exploit
- affects installer only (not production systems)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Easergy Builder installer | ≤ 1.7.23 | 1.7.24
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Easergy Builder to version 1.7.24 or later before performing new installations
CVEs (1)