Nozomi Networks discovers nine security flaws in electric power management products made by Schweitzer Engineering Laboratories.
One of the most severe vulnerabilities, CVE-2023-31171, allows a threat actor to achieve remote code execution (RCE) on an engineering workstation.
Exploitation of this vulnerability can be accomplished by sending a phishing email that tricks an engineer into importing a specially crafted configuration file on their workstation.
What’s more, the shortcoming can be chained with CVE-2023-31175 to obtain administrative privileges on the target workstation.
Nozomi warns that, chained together, these vulnerabilities allow an attacker to gain remote control of an engineering workstation without having been granted root (administrative) access to it.