Schneider Electric ConneXium Network Manager Improper Input Validation Vulnerability Allowing Project File Exploitation
Vulnerability
An improper input validation vulnerability has been identified in all versions of Schneider Electric's ConneXium Network Manager software. It could lead to a loss of confidentiality, integrity, and availability on engineering workstations when a malicious project file is loaded from the local system.
Impact
Exploitation of this vulnerability could result in a loss of confidentiality, integrity, and availability on affected engineering workstations.
Remediation
Users are advised to only open project files from trusted sources, verify the integrity of project files using hash checks, encrypt project files when stored, and use secure communication protocols when exchanging files over the network. Additionally, follow workstation, network, and site-hardening guidelines available in the Schneider Electric Recommended Cybersecurity Best Practices document.
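The hash check recommended above can be turned into a gate that runs before a project file is opened. The following is an added example, not Schneider Electric code. It assumes the sender publishes a sha256sum-style manifest through a separate trusted channel, and the `.project` file names are hypothetical placeholders.

```python
import hashlib
import hmac
import os
import re
import tempfile

# sha256sum format: 64 hex chars, a space, a space or '*', then the file name
_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def load_manifest(text):
    """Parse sha256sum-style lines into {file name: lowercase hex digest}."""
    trusted = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"manifest line {n} is malformed")
        trusted[os.path.basename(m.group(2))] = m.group(1).lower()
    return trusted

def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so large project files are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_project(path, trusted):
    """Return 'ok', 'mismatch' or 'unlisted'; only 'ok' should be opened."""
    expected = trusted.get(os.path.basename(path))
    if expected is None:
        return "unlisted"
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"

def demo():
    """Constructed sample: one trusted file, one altered later, one not in the manifest."""
    names = ("plant_a.project", "plant_b.project", "usb_copy.project")  # hypothetical
    with tempfile.TemporaryDirectory() as d:
        paths = {n: os.path.join(d, n) for n in names}
        for n in names:
            with open(paths[n], "wb") as f:
                f.write(n.encode())
        manifest = "# constructed manifest\n" + "".join(
            f"{sha256_file(paths[n])}  {n}\n" for n in names[:2])
        with open(paths["plant_b.project"], "ab") as f:
            f.write(b" tampered")  # simulate modification after the manifest was made
        trusted = load_manifest(manifest)
        return {n: check_project(p, trusted) for n, p in paths.items()}
```

A matching hash only shows the file is the one the sender published, so the manifest has to come from a source that is itself trusted.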
