CVE-2016-2278
Published 2016-03-02
CVE-2016-2278: Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to…
Priority P358, high, 7.2 (CVSS 3.0)
AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 13.43% (96.0th percentile)
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | struxureware_building_operations_automation_server_as-p_firmware | — | — |
| schneider-electric | struxureware_building_operations_automation_server_as_firmware | <= 1.7 | — |
CVSS provenance
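| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |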
CISA ICS
Schneider Electric Building Operation Automation Server Vulnerability
cisa_ics·2018-08-23
ICS Advisory
Last Revised: August 23, 2018
Alert Code: ICSA-16-061-01
## OVERVIEW
Independent researcher Karn Ganeshen has identified a vulnerability in servers programmed with Schneider Electric’s StruxureWare Building Operation software. Schneider Electric has produced a new version to mitigate this vulnerability.
This vulnerability could be exploited remotely.
## AFFECTED PRODUCTS
Schneider Electric reports that the vulnerability affects the following products from the StruxureWare Building Operations line:
- Automation
GHSA
GHSA-5242-5wvm-8m3p: Schneider Electric Struxureware Building Operations Automation Server AS 1
ghsa_unreviewed·2022-05-14
CVE-2016-2278 [HIGH] CWE-284 GHSA-5242-5wvm-8m3p: Schneider Electric Struxureware Building Operations Automation Server AS 1
No detection rules found.
No writeups or analysis indexed.
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-025-01
- https://ics-cert.us-cert.gov/advisories/ICSA-16-061-01
- https://www.exploit-db.com/exploits/39522/