Accutech Manager
Plan Patch · 7.8 · SEVD-2023-192-03 · Jul 11, 2023
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Accutech Manager versions 2.7 and earlier contain a privilege escalation vulnerability that allows a local user to gain system-level access. Accutech Manager is the configuration and monitoring application for Accutech Wireless sensor devices used in SCADA and industrial monitoring systems. Successful exploitation could allow an attacker to access system functions including the command shell.
What this means
What could happen
An attacker with local access could gain system-level privileges on the Accutech Manager application, potentially allowing them to run arbitrary commands and modify the configuration of your wireless sensor network.
Who's at risk
Energy sector organizations using Accutech Manager for wireless sensor device configuration and monitoring. Anyone managing Accutech Wireless sensors in SCADA or monitoring systems should prioritize patching the engineering workstations running this application.
How it could be exploited
An attacker with a local user account on the computer running Accutech Manager could exploit a buffer overflow or similar memory corruption issue to escalate privileges to system level, gaining the ability to execute commands with elevated permissions.
Prerequisites
- Local user account on the computer running Accutech Manager
- Accutech Manager version 2.7 or earlier
- No network access required
local privilege escalation · buffer overflow vulnerability · affects wireless sensor management · local access required · system-level access possible
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Accutech Manager <= 2.7 | ≤ 2.7 | 2.8
Remediation & Mitigation
Do now
HARDENING: Restrict local access to computers running Accutech Manager; implement physical security and account controls to prevent unauthorized local users from accessing the application
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Accutech Manager to version 2.8 or later
CVEs (1)
API:
/api/v1/advisories/1c19817b-00b1-450b-a477-f2f6e924e1b4