A vulnerability classified as critical was found in Schneider Electric StruxureOn Gateway up to 1.1.3 (SCADA Software). Affected by this vulnerability is some unknown functionality of the component ZIP Handler. The manipulation with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434. The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine information which could lead to remote code execution.

The bug was discovered 02/08/2017. The weakness was published 02/12/2018 (Website). The advisory is shared at schneider-electric.com. This vulnerability is known as CVE-2017-9970 since 06/26/2017. The exploitation appears to be easy. The attack can be launched remotely. A single authentication is required for exploitation. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1608.002 for this issue.

The vulnerability was handled as a non-public zero-day exploit for at least 369 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Type

• SCADA Software

Vendor

• Schneider Electric

Name

• StruxureOn Gateway

Version

• 1.1.0
• 1.1.1
• 1.1.2
• 1.1.3

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion