Tag: Privilege Escalation

security advisory

[ICS] Schneider Electric Wonderware InduSoft Web Studio Privilege Escalation

Schneider Electric Wonderware InduSoft Web Studio – Privilege Escalation

Vendor: Schneider Electric
Equipment: Wonderware InduSoft Web Studio
Vulnerability: Incorrect Default Permissions

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-138-02

Read on for details.

security advisory

[ICS] Schneider Electric Building Operation Automation Server Multiple Vulnerabilities

Details of my security report on Schneider Electric Building Operation Automation Server are documented here.

The vulnerability disclosure and handling assistance from the Schneider Electric team was commendable. However, from a security practices point of view, one of the aspects they seem to rely upon is security through obscurity AND blind trust in the device users/administrators, ignoring that both of these are bad concepts to run with.

Read on.