PatchSiren cyber security CVE debrief
CVE-2024-2602 Schneider Electric CVE debrief
A path traversal vulnerability (CWE-22) in Schneider Electric FoxRTU Station prior to version 9.3.0 allows remote code execution when an authenticated user executes a saved project file that has been tampered with by a malicious actor. The vulnerability requires local access and user interaction, with a CVSS 3.1 score of 7.3 (HIGH). The attack vector involves a malicious actor gaining file write access to modify project files or place malicious DLLs in accessible directories, which are then executed by an authenticated user.
- Vendor
- Schneider Electric
- Product
- FoxRTU Station
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-07-09
- Original CVE updated
- 2024-07-09
- Advisory published
- 2024-07-09
- Advisory updated
- 2024-07-09
Who should care
Organizations operating Schneider Electric FoxRTU Station in industrial control system (ICS/OT) environments, particularly those in critical infrastructure sectors. System administrators, security engineers, and OT security teams responsible for maintaining FoxRTU Station deployments should prioritize patching and implementing the recommended file integrity and access control mitigations.
Technical summary
The vulnerability exists in the project file handling mechanism of FoxRTU Station. An attacker with file write access to the target system can tamper with saved project files or place malicious DLLs in directories accessible to the application. When an authenticated user subsequently executes the tampered project file, the path traversal weakness allows execution of attacker-controlled code, resulting in remote code execution with high impact to confidentiality, integrity, and availability. The attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), and user interaction (UI:R).
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to FoxRTU Station version 9.3.0 or later by contacting Schneider Electric Process Automation Global Customer Support
- Implement strict file system access controls to prevent unauthorized modification of FoxRTU Station project files
- Store project files in secure storage with access restricted to trusted users only
- Use secure communication protocols when exchanging files over the network
- Encrypt project files when stored and password protect them following User Guide B0780AE rev. P Chapter 12
- Only open project files received from trusted sources
- Compute and regularly verify file hashes to ensure project file integrity before use
- Follow workstation, network and site-hardening guidelines in Schneider Electric's Recommended Cybersecurity Best Practices document 7EN52-0390
Evidence notes
CISA ICS Advisory ICSA-24-345-03 published 2024-07-09; Schneider Electric security notice SEVD-2024-191-03. Affected product confirmed as FoxRTU Station prior to v9.3.0. CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.
Official resources
-
CVE-2024-2602 CVE record
CVE.org
-
CVE-2024-2602 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-07-09