Exclusive: Experts from TIM’s Red Team Research (RTR) found 6 zero-days

Pierluigi Paganini November 30, 2020

TIM’s Red Team Research led by Massimiliano Brolli discovered 6 new zero-day vulnerabilities in Schneider Electric StruxureWare.

Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered 6 new vulnerabilities in the StruxureWare product. The flaws have been addressed by the manufacturer Schneider Electric, between April and November 2020.

Schneider Electric zero-days

Schneider Electric is a vendor specialized in energy and automation products, like ICS, SCADA and IoT products. StruxureWare Building Operation is a software integrated with physical devices for integrated monitoring, control, and management of energy, lighting, fire safety, and HVAC.

Below the list of vulnerabilities discovered by the TIM’s Red Team Research team:

CVEVulnerabilitySeverity
CVE-2020-7569:Upload of File with Dangerous Type8.8
CVE-2020-7572Improper Restriction of XML External Entity Reference8.8
CVE-2020-28209Windows Unquoted Search Path7.0
CVE-2020-7570Cross-Site Scripting Stored5.4
CVE-2020-7571Cross-Site Scripting Reflected5.4
CVE-2020-7573Improper Access Control6.5

The issues were discovered during laboratory tests, promptly managed in a CVD (Coordinated Vulnerability Disclosure) process with the vendor.

The laboratory has been active for less than a year (based on the CVE recorded on the national Vulnerability Database), the experts also discovered unknown vulnerabilities in various products, including NOKIA, Wowza, Selesta, Flexera, Oracle and Siemens.

The research team has identified a total of 31 published CVEs, an average of one CVE every 11 days and this is the result of a great job that TIM is doing, especially in the Bug Hunting activities, where the Italian cybersecurity community should do much more.

The full list of CVEs discovered by the researchers is available at the TIM Corporate websites:

https://www.gruppotim.it/redteam

TIM is a leading Italian telco carrier, it is one of the few Italian industrial realities that dedicate an important effort in conducting research of undocumented vulnerabilities, for this reason, I suggest you follow them.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Schneider Electric)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment