PT-2020-5814

Published: 2020-11-10 · Updated: 2026-05-28 · CVE-2020-28209

CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: EcoStruxure Building Operation Enterprise Server versions 1.9 through 3.1; EcoStruxure Building Operation Enterprise Central versions 2.0 through 3.1
Description: A Windows unquoted search path issue exists in the installers for Enterprise Server and Enterprise Central: the Connect Agent service is registered with an unquoted binary path. A local Windows user with write permission on at least one folder along that path can plant an executable that the Service Control Manager resolves and starts instead of the intended binary, and so gain the privileges of the account the service runs under. The vulnerability is only exploitable if the application has been installed in a location that unprivileged users can write to; by default, installation requires Administrator privileges and the default location is not writable by standard users.
Recommendations: For EcoStruxure Building Operation Enterprise Server versions 1.9 through 3.1 and Enterprise Central versions 2.0 through 3.1, ensure the software is installed in a secure location that requires Administrator privileges to write to. As a temporary workaround, restrict write access to the subfolders of the Connect Agent service binary path to minimize the risk of exploitation.
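The lookup behaviour behind this issue, as an added Python example (not code from this page or from the vendor): given an unquoted service ImagePath, it lists the executables the Windows CreateProcess search would try before reaching the real binary, flags those whose parent folder a low-privileged user can write to, and produces the quoted ImagePath that removes the ambiguity. The install path and the set of writable folders are constructed for illustration; the real Connect Agent path is not given above, and the "binary ends at the first .exe token" rule is an assumption of this example.

```python
import ntpath

# Constructed, hypothetical ImagePath for an unquoted service such as the
# Connect Agent. The real install path is not given in the advisory.
SAMPLE_IMAGE_PATH = r"C:\Program Files\Example Vendor\Building Operation 3.1\bin\connect agent.exe"


def _split_binary(image_path):
    """Split an unquoted ImagePath into (executable tokens, argument tokens).

    Assumption: the executable ends at the first space-separated token whose
    extension is .exe; anything after it is arguments. Directory names with
    dots (e.g. '3.1') must not terminate the binary, so only .exe counts.
    Returns None when the path is already quoted and therefore unambiguous.
    """
    if image_path.startswith('"'):
        return None
    tokens = image_path.split(" ")
    for i, tok in enumerate(tokens):
        if ntpath.splitext(tok)[1].lower() == ".exe":
            return tokens[: i + 1], tokens[i + 1:]
    return tokens, []  # no .exe anywhere: treat the whole string as the binary


def hijack_candidates(image_path):
    """Executables CreateProcess tries, in order, before the real binary.

    For 'C:\\Program Files\\App\\svc agent.exe' Windows tries C:\\Program.exe,
    then C:\\Program Files\\App\\svc.exe, then the intended file. Each entry is
    a location where a planted file would run with the service's privileges.
    """
    parts = _split_binary(image_path)
    if parts is None:
        return []
    exe_tokens, _ = parts
    candidates = []
    for i in range(1, len(exe_tokens)):
        prefix = " ".join(exe_tokens[:i])
        if not ntpath.splitext(prefix)[1]:
            prefix += ".exe"  # CreateProcess appends .exe to an extensionless name
        candidates.append(prefix)
    return candidates


def plantable(image_path, writable_dirs):
    """Candidates whose parent directory is in the constructed writable set.

    On a real host, populate writable_dirs from icacls / Get-Acl output
    (folders granting Users, Authenticated Users or Everyone W/M/F rights).
    """
    norm = {ntpath.normcase(ntpath.normpath(d)) for d in writable_dirs}
    return [c for c in hijack_candidates(image_path)
            if ntpath.normcase(ntpath.normpath(ntpath.dirname(c))) in norm]


def quote_image_path(image_path):
    """Return the ImagePath with the executable quoted and arguments kept as-is."""
    parts = _split_binary(image_path)
    if parts is None:
        return image_path
    exe_tokens, arg_tokens = parts
    quoted = '"' + " ".join(exe_tokens) + '"'
    return " ".join([quoted] + arg_tokens)


if __name__ == "__main__":
    # Constructed scenario: the installer left the bin folder writable by Users.
    loose = {r"C:\Program Files\Example Vendor\Building Operation 3.1\bin"}
    for c in hijack_candidates(SAMPLE_IMAGE_PATH):
        print("tried before real binary:", c)
    print("plantable by a low-privileged user:", plantable(SAMPLE_IMAGE_PATH, loose))
    print("fixed ImagePath:", quote_image_path(SAMPLE_IMAGE_PATH))
```

On a live system the ImagePath comes from `sc qc <service>` or `Get-CimInstance Win32_Service`, the write check from `icacls <folder>`, and the quoted path is applied with `sc config <service> binPath= "\"C:\...\connect agent.exe\""`. Note that quoting only removes the search ambiguity: if the folder holding the real binary is writable by standard users, the binary itself can be replaced, which is why the advisory's workaround is to restrict write access along the whole path.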

Related Identifiers

BDU:2021-01783
CVE-2020-28209

Affected Products

EcoStruxure Building Operation Enterprise Central
EcoStruxure Building Operation Enterprise Server
Windows