Resecurity identified a zero-day vulnerability in the Schneider Electric Accutech Manager product. The vulnerability, labeled as CVE-2023-29414 and SEVD-2-23-192-03, has been rated high with a CVSS v3.1 Base Score of 7.8.
This issue pertains to a Buffer Overflow exploitation (CWE-120) found in version 2.7 and earlier versions of the product. If exploited, it could lead to user privilege escalation, especially if a local user sends a specific string input to a local function call.
Resecurity’s HUNTER team was quick to detect this vulnerability and promptly issued an early-warning alert to Schneider Electric Product Security Team. They further assisted Schneider Electric by providing a working Proof-of-Concept (POC), ensuring a swift resolution to the problem.
The energy and industrial sectors are vital backbones of our modern society. Recognizing the importance of safeguarding these sectors, Resecurity remains steadfast in its commitment to ensuring the protection of critical infrastructure on a global scale. The firm believes in paving the way for a secure digital future, where the integrity of essential industrial control systems (ICS) and their components (SCADA, RTU) remains protected from cyberattacks.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, buffer overflow)