SpaceLogic AS-P and AS-B Automation Servers

MonitorCVSS 6.4SEVD-2024-163-04Jun 11, 2024

Schneider ElectricEnergy

Attack path

Attack VectorLocal

Auth RequiredHigh

ComplexityHigh

User InteractionNone needed

Summary

Multiple vulnerabilities in Schneider Electric SpaceLogic AS-P and AS-B automation servers (version 5.0.3 and prior) allow a local administrative user to exploit a race condition (CWE-367) to extract SNMP credentials and escalate privileges. The SpaceLogic AS-P is a primary system controller handling control logic, trend logging, and alarm supervision with connectivity to field devices. The SpaceLogic AS-B is a compact all-in-one server for EcoStruxure Building Operation. Successful exploitation could lead to unauthorized modification of system configuration, control parameters, and device communications.

What this means

What could happen

An attacker with local access to a SpaceLogic automation server could read SNMP credentials and escalate their privileges to modify the building automation system configuration, including control logic, alarms, and field device parameters.

Who's at risk

Building automation operators and energy facility managers using Schneider Electric SpaceLogic AS-P (primary system controller for control logic and alarm supervision) or SpaceLogic AS-B (all-in-one building operation server) versions 5.0.3 or earlier should prioritize patching these systems, particularly in facilities where local access controls may be inadequate.

How it could be exploited

An attacker with local administrative access to the SpaceLogic AS-P or AS-B server could exploit a race condition (CWE-367) in the system's credential handling to extract SNMP credentials from system memory. With those credentials and elevated privileges, the attacker could reconfigure the automation system's control logic, trend logging, alarm settings, or communication parameters to field devices and I/O.

Prerequisites

Local administrative access to the SpaceLogic AS-P or AS-B server
Knowledge of the timing window to exploit the race condition
Access to the system during the vulnerable operation

Race condition vulnerabilityRequires high privilege level (local administrator)Affects credential exposure and privilege escalationNo active exploitation reported

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

SpaceLogic AS-P V5.0.3 and prior≤ 5.0.36.0.1

SpaceLogic AS-B V5.0.3 and prior≤ 5.0.36.0.1

Remediation & Mitigation

0/2

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXApply firmware update to SpaceLogic AS-P and AS-B version 6.0.1 or later

HOTFIXIf version 6.0.1 upgrade is not immediately feasible, apply available hotfix patches for versions 5.0.3 or 4.0.5 from the Schneider Electric community portal

CVEs (2)

CVE-2024-5558 CVE-2024-5557

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/050cef46-5c56-45c1-ad2d-3c0919092711

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.