Exclusive: Experts from TIM’s Red Team Research (RTR) found 6 zero-days

TIM’s Red Team Research led by Massimiliano Brolli discovered 6 new zero-day vulnerabilities in Schneider Electric StruxureWare.

Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered 6 new vulnerabilities in the StruxureWare product. The flaws have been addressed by the manufacturer Schneider Electric, between April and November 2020.

Schneider Electric is a vendor specialized in energy and automation products, like ICS, SCADA and IoT products. StruxureWare Building Operation is a software integrated with physical devices for integrated monitoring, control, and management of energy, lighting, fire safety, and HVAC.

Below the list of vulnerabilities discovered by the TIM’s Red Team Research team:

CVE	Vulnerability	Severity
CVE-2020-7569:	Upload of File with Dangerous Type	8.8
CVE-2020-7572	Improper Restriction of XML External Entity Reference	8.8
CVE-2020-28209	Windows Unquoted Search Path	7.0
CVE-2020-7570	Cross-Site Scripting Stored	5.4
CVE-2020-7571	Cross-Site Scripting Reflected	5.4
CVE-2020-7573	Improper Access Control	6.5

The issues were discovered during laboratory tests, promptly managed in a CVD (Coordinated Vulnerability Disclosure) process with the vendor.

The laboratory has been active for less than a year (based on the CVE recorded on the national Vulnerability Database), the experts also discovered unknown vulnerabilities in various products, including NOKIA, Wowza, Selesta, Flexera, Oracle and Siemens.

The research team has identified a total of 31 published CVEs, an average of one CVE every 11 days and this is the result of a great job that TIM is doing, especially in the Bug Hunting activities, where the Italian cybersecurity community should do much more.

The full list of CVEs discovered by the researchers is available at the TIM Corporate websites:

https://www.gruppotim.it/redteam

TIM is a leading Italian telco carrier, it is one of the few Italian industrial realities that dedicate an important effort in conducting research of undocumented vulnerabilities, for this reason, I suggest you follow them.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Schneider Electric)

[adrotate banner=”5″]

[adrotate banner=”13″]