Schneider Electric EcoStruxure Building Operation Workstation

Summary

Schneider Electric has identified vulnerabilities in EcoStruxure Building Operation Workstation and WebStation that could lead to exposure of local files or denial of service, potentially resulting in data breaches and operational disruptions. The affected versions include specific releases of both Workstation and WebStation, and the vulnerabilities stem from improper restriction of XML external entity reference and improper control of code generation.

IFF Assessment

FOE

Vulnerabilities in building operation software can be exploited to disrupt critical infrastructure.

Severity

7.3 High

Defender Context

Defenders should apply the provided remediations to prevent potential exploitation of these vulnerabilities, which highlight the importance of secure coding practices and robust input validation in building management systems to protect against unauthorized access and control.
