CVE-2016-2278

Name of the Vulnerable Software and Affected Versions Schneider Electric Struxureware Building Operations Automation Server AS versions 1.7 and earlier Schneider Electric Struxureware Building Operations Automation Server AS-P versions 1.7 and earlier

Description The issue allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.

Recommendations For Schneider Electric Struxureware Building Operations Automation Server AS versions 1.7 and earlier, consider restricting access to the Automation Server to minimize the risk of exploitation until a fix is available. For Schneider Electric Struxureware Building Operations Automation Server AS-P versions 1.7 and earlier, consider restricting access to the Automation Server to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.