22. June 2021

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

Earlier this month, Schneider Electric, a global supplier of energy and automation digital solutions published a security advisory for its customers stating the discovery of six major flaws in PowerLogic EGX100 and EGX300 communication gateways. Threat actors can exploit these security holes to access devices, launch denial-of-service (DoS) attacks, and for remote code execution. 

Security researchers have rated five of the security holes in the high severity category. They can be exploited for DoS attacks or remote code execution using specially designed HTTP products. The sixth flaw is related to the password recovery mechanism and it can be exploited to gain administrator-level access to a device. 

Jake Baines, a principal industrial control vulnerability analyst at industrial cybersecurity firm Dragos, assigned the flaws from CVE-2021-22763 to CVE-2021-22768. The flaws were identified in EGX devices, but Schneider has determined that two of the flaws also affect PowerLogic PM55xx power metering devices due to their sharing web server code. The affected devices are part of the company’s power monitoring and control offering, but they have reached the end of life.

“For example, CVE-2021-22763 is a backdoor account that gives full admin access to the device’s web server. As long as the attacker can rea

[…]

Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: Six Major Flaws Identified in Schneider PowerLogic Devices