Schneider Electric Wonderware InduSoft Web Studio – Privilege Escalation
Vendor: Schneider Electric
Equipment: Wonderware InduSoft Web Studio
Vulnerability: Incorrect Default Permissions
Read on for details.
Details of my security report on Schneider Electric Building Operation Automation Server are documented here.
The vulnerability disclosure and handling assistance from the Schneider Electric team was commendable. However, from a security practices point of view, one of the aspects they seem to rely upon is security through obscurity AND blind trust in the device users/administrators, ignoring that both of these are bad concepts to run with.
Reported multiple vulnerabilities in Cambium ePMP 1000.
Read on for details & PoC.