Easergy Studio
Plan Patch | 7.8 | SEVD-2024-282-03 | Oct 8, 2024
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Easergy Studio versions 9.3.1 and earlier contain an improper file permission vulnerability in the installation directory. An attacker with local file system access could exploit this to escalate privileges and gain unauthorized access to the software's configuration and monitoring functions for power control devices.
What this means
What could happen
An attacker with local access to a machine running Easergy Studio could exploit weak file permissions to escalate privileges and gain unauthorized control of the configuration and monitoring software for power generation and control devices.
Who's at risk
Energy sector operators and control system engineers who use Easergy Studio to configure and manage protection relays, gateway devices, and other control equipment in power generation and distribution systems.
How it could be exploited
An attacker with local file system access to a workstation or server running Easergy Studio could write to the installation directory due to improper permission settings. This allows privilege escalation, potentially leading to modification of device configurations or unauthorized administrative access to the software's control functions.
Prerequisites
- Local file system access to the machine running Easergy Studio
- Easergy Studio version 9.3.1 or earlier
- User account with ability to write to the installation directory
local attack required, privilege escalation, affects device configuration software
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Easergy Studio | ≤ 9.3.1 | 9.3.4 |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Easergy Studio to version 9.3.4 or later
CVEs (1)