OTPulse

Accutech Manager

Plan Patch · 7.5 · SEVD-2024-226-01 · Aug 13, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in Accutech Manager, the configuration and monitoring application for Accutech wireless sensor devices, allows an unauthenticated remote attacker to cause resource exhaustion and loss of availability of the software.

What this means
What could happen
An attacker could overwhelm Accutech Manager with network requests, causing the application to become unavailable. This would prevent operators from monitoring and controlling wireless sensor devices until the service is restored.
Who's at risk
Energy sector operators using Schneider Electric Accutech Manager for wireless sensor configuration and monitoring. This includes utilities managing wireless sensor networks for remote monitoring of equipment and infrastructure.
How it could be exploited
An attacker with network access to the Accutech Manager application port can send crafted requests to trigger a resource exhaustion condition. No authentication or valid credentials are required, and the attack can be executed remotely over the network.
Prerequisites
  • Network access to Accutech Manager application port
  • No credentials required
remotely exploitable · no authentication required · low complexity · affects monitoring capability
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
Accutech Manager | ≤ 2.08.01 | 2.10.0
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Accutech Manager to version 2.10.0 or later