Schneider Electric StruxureWare Building Operation Automation Server msh bypass

Added: 03/14/2016
CVE: CVE-2016-2278

Background

The Schneider Electric StruxureWare Building Operation software suite provides integrated monitoring, control, and management of energy, HVAC, lighting and fire safety. The Automation Server is a building automation system for small and medium-sized buildings.

Problem

A vulnerability in the Automation Server product allows remote, authenticated users to bypass the msh (minimal shell) restrictions and execute arbitrary operating system commands. This vulnerability can be exploited using the default admin account if the password has not been changed.

Resolution

See SEVD-2016-025-01 for fix information.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-061-01
https://www.exploit-db.com/exploits/39522/

Limitations

The exploit works on Automation Server 1.7 and earlier if the default admin password has not been changed.

Platforms

Linux
