ProLeiT Plant iT/Brewmaxx

Act NowCVSS 10SEVD-2023-346-02Dec 12, 2023

Schneider ElectricEnergyManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric Plant iT/Brewmaxx (v9.60 and later) contains a vulnerability in its embedded Redis open-source database. The vulnerability allows privilege escalation and remote code execution without requiring authentication or user interaction. An attacker with network access to the Redis database port can execute arbitrary commands on the system, potentially compromising the integrity and availability of manufacturing execution and process control functions. The vulnerability is currently being actively exploited in the wild.

What this means

What could happen

An attacker can gain complete control of the Plant iT/Brewmaxx manufacturing execution system remotely without credentials, allowing them to modify process setpoints, alter production parameters, halt operations, or inject malicious commands into your manufacturing or energy control environment.

Who's at risk

Energy utilities and manufacturing plants using Schneider Electric Plant iT/Brewmaxx for process control and manufacturing execution. This affects anyone running version 9.60 or later of this MES/PLC-based system that manages production processes, setpoints, and operational parameters.

How it could be exploited

The vulnerability exists in the embedded Redis database used by Plant iT/Brewmaxx. An attacker on the network can connect directly to the Redis instance and execute arbitrary commands, escalating privileges and achieving remote code execution on the system. No authentication is required if the Redis port is exposed to the attacker's network.

Prerequisites

Network access to the Plant iT/Brewmaxx Redis database port (typically port 6379 or similar)
Plant iT/Brewmaxx v9.60 or later running and accessible from attacker's network segment

remotely exploitableno authentication requiredlow complexityactively exploited (KEV)extremely high EPSS score (94.4%)no patch availableaffects control system operations

Exploitability

Actively exploited — confirmed by CISA KEV

Metasploit module available — weaponized exploitView module ↗

Public Proof-of-Concept (PoC) on GitHub (5 repositories)

Affected products (1)

ProductAffected VersionsFix Status

Plant iT/Brewmaxx v9.60 and above≥ 9.60No fix (EOL)

Remediation & Mitigation

0/7

Do now

0/4

HARDENINGIsolate Plant iT/Brewmaxx system behind a firewall and restrict network access from business networks and the Internet

WORKAROUNDBlock all inbound connections to the Redis database port (6379 and related ports) from untrusted networks at the firewall

HARDENINGIf remote access to Plant iT is required, configure a VPN with strong authentication and route only authorized traffic through it

WORKAROUNDDisable or restrict remote access to Plant iT until a patch is available

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HARDENINGImplement network segmentation to place Plant iT/Brewmaxx on a dedicated control network separate from business systems

HOTFIXMonitor Schneider Electric security bulletins for a firmware or software patch that addresses the underlying Redis vulnerability

HARDENINGRestrict physical access to the Plant iT/Brewmaxx hardware and ensure no unauthorized personnel can connect devices or change settings

CVEs (1)

CVE-2022-0543

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/66462ce3-5ac9-4248-a8fb-28a0367c8a50

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.